[Pidgin] #15879: wrong "iq" detected during login
Pidgin
trac at pidgin.im
Thu Jan 30 12:15:20 EST 2014
#15879: wrong "iq" detected during login
---------------------------------+---------------------
Reporter: arisia | Owner: deryni
Type: defect | Status: new
Milestone: | Component: XMPP
Version: 2.10.8 | Resolution:
Keywords: facebook connect iq |
---------------------------------+---------------------
Comment (by xnyhps):
I've emailed the jdev and security mailing lists at jabber.org. See
http://mail.jabber.org/pipermail/jdev/2014-January/089824.html.
Seeing the observed behavior from these broken servers, I think it would
be a valid workaround for libpurple to consider iqs from:
* The bare domain JID
* The full JID of Pidgin
to be legal when expecting an iq reply with either the user's bare JID or
no 'to'. As far as I can tell, that should have no security implications
and would fix the problems we've seen so far.
--
Ticket URL: <https://developer.pidgin.im/ticket/15879#comment:19>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list