headers
Grégoire Menuel | 1 Aug 18:55

Psi and MUC problem

Hi folks !
Today I've encountered a relatively severe bug using psi and a MUC room 
(specifically mu-conference, but I've tested with ejabberd's mod_muc and the 
same problem occurs).

This bug allow anyone to kick every psi user of a room (tested with psi-0.11 
and psi-svn from yesterday). The principe is simple, just send a buggy 
encrypted message to a MUC room and every psi user will just happen to leave 
the room. The problem is that Psi sends an error when it can't decode an 
encrypted message (not-acceptable), and the MUC kick a user when it receives 
an error message from this user.

I'm not sure if the problem is on the Psi side (the XEP-0027 doesn't say to 
send an error back when the client can't decrypt a message), or on the MUC 
implementations side (the XEP-0045 says "A MUC service SHOULD remove a user 
if the service receives a delivery-related error in relation to a stanza it 
has previously sent to the user (remote server unreachable, user not found, 
etc.).", but does an not-acceptable error can be considered as a 
delivery-related error ?).

Regards,
--

-- 
Grégoire Menuel
xmpp:omega@...
GPG: 1024D/D3BF3B20
Permalink | Reply |
headers
Peter Saint-Andre | 1 Aug 19:12

Re: Psi and MUC problem

Grégoire Menuel wrote:
> Hi folks !
> Today I've encountered a relatively severe bug using psi and a MUC room 
> (specifically mu-conference, but I've tested with ejabberd's mod_muc and the 
> same problem occurs).
> 
> This bug allow anyone to kick every psi user of a room (tested with psi-0.11 
> and psi-svn from yesterday). The principe is simple, just send a buggy 
> encrypted message to a MUC room and every psi user will just happen to leave 
> the room. The problem is that Psi sends an error when it can't decode an 
> encrypted message (not-acceptable), and the MUC kick a user when it receives 
> an error message from this user.
> 
> I'm not sure if the problem is on the Psi side (the XEP-0027 doesn't say to 
> send an error back when the client can't decrypt a message), or on the MUC 
> implementations side (the XEP-0045 says "A MUC service SHOULD remove a user 
> if the service receives a delivery-related error in relation to a stanza it 
> has previously sent to the user (remote server unreachable, user not found, 
> etc.).", but does an not-acceptable error can be considered as a 
> delivery-related error ?).

IIRC this was fixed in ejabberd, not sure about other implementations. I 
agree that the phrase "delivery-related error" is a bit unclear -- this 
is intended to refer to the following errors:

gone
item-not-found
recipient-unavailable
redirect
remote-server-not-found
(Continue reading)

Permalink | Reply |
headers
Grégoire Menuel | 1 Aug 19:15

Re: Psi and MUC problem

Le vendredi 1 août 2008, Peter Saint-Andre a écrit :
> > I'm not sure if the problem is on the Psi side (the XEP-0027 doesn't say
> > to send an error back when the client can't decrypt a message), or on the
> > MUC implementations side (the XEP-0045 says "A MUC service SHOULD remove
> > a user if the service receives a delivery-related error in relation to a
> > stanza it has previously sent to the user (remote server unreachable,
> > user not found, etc.).", but does an not-acceptable error can be
> > considered as a delivery-related error ?).
>
> IIRC this was fixed in ejabberd, not sure about other implementations. I
> agree that the phrase "delivery-related error" is a bit unclear -- this
> is intended to refer to the following errors:
>
> gone
> item-not-found
> recipient-unavailable
> redirect
> remote-server-not-found
> remote-server-timeout
>
> (Perhaps also jid-malformed and service-unavailable, but those are open
> to debate because service-unavailable is used as a catch-all.)

Ok, the ejabberd's mod_muc have tested is rather old, so it might have been 
fixed. I'll fix it in mu-conference then, thanks !

--

-- 
Grégoire Menuel
xmpp:omega <at> im.apinc.org
GPG: 1024D/D3BF3B20
(Continue reading)

Permalink | Reply |
headers
Peter Saint-Andre | 4 Aug 19:15

Re: Psi and MUC problem

Grégoire Menuel wrote:
> Le vendredi 1 août 2008, Peter Saint-Andre a écrit :
>>> I'm not sure if the problem is on the Psi side (the XEP-0027 doesn't say
>>> to send an error back when the client can't decrypt a message), or on the
>>> MUC implementations side (the XEP-0045 says "A MUC service SHOULD remove
>>> a user if the service receives a delivery-related error in relation to a
>>> stanza it has previously sent to the user (remote server unreachable,
>>> user not found, etc.).", but does an not-acceptable error can be
>>> considered as a delivery-related error ?).
>> IIRC this was fixed in ejabberd, not sure about other implementations. I
>> agree that the phrase "delivery-related error" is a bit unclear -- this
>> is intended to refer to the following errors:
>>
>> gone
>> item-not-found
>> recipient-unavailable
>> redirect
>> remote-server-not-found
>> remote-server-timeout
>>
>> (Perhaps also jid-malformed and service-unavailable, but those are open
>> to debate because service-unavailable is used as a catch-all.)
> 
> Ok, the ejabberd's mod_muc have tested is rather old, so it might have been 
> fixed. I'll fix it in mu-conference then, thanks !

Fixed in the spec, but I can't check in the fix yet because of DNS 
troubles with svn.xmpp.org -- or something. :(

/psa
(Continue reading)

Permalink | Reply |

Gmane