[Pidgin] #15879: XMPP/Jabber (Facebook): Wrong "iq" detected during login

Pidgin trac at pidgin.im
Tue Jan 28 15:33:08 EST 2014


#15879: XMPP/Jabber (Facebook): Wrong "iq" detected during login
---------------------------------+---------------------
 Reporter:  arisia               |       Owner:  deryni
     Type:  defect               |      Status:  new
Milestone:                       |   Component:  XMPP
  Version:  2.10.8               |  Resolution:
 Keywords:  facebook connect iq  |
---------------------------------+---------------------
Changes (by datallah):

 * cc: xnyhps, darkrain, darkrain42 (added)


Comment:

 It looks like this is a real bug in Pidgin,and not just a facebook server
 bug.
 In [93d4bff19574], a security fix was made which changed the behavior so
 that all stanzas responses' "from" attribute should match the "to"
 attribute the stanza was sent to.

 However, the implementation is not correct - we don't cover (b) in
 http://xmpp.org/rfcs/rfc6120.html#stanzas-attributes-from-c2s:
 {{{
 When the server generates a stanza from the server for delivery to the
 client on behalf of the account of the connected client (e.g., in the
 context of data storage services provided by the server on behalf of the
 client), the stanza MUST either (a) not include a 'from' attribute or (b)
 include a 'from' attribute whose value is the account's bare JID
 (<localpart at domainpart>).
 }}}

-- 
Ticket URL: <https://developer.pidgin.im/ticket/15879#comment:3>
Pidgin <https://pidgin.im>
Pidgin


More information about the Tracker mailing list