Opened 8 years ago

Closed 8 years ago

#13928 closed defect (fixed)

XMPP file transfers using SOCKS5 bytestreams don't use account proxy settings

Reported by: datallah Owned by: datallah
Milestone: 2.8.0 Component: XMPP
Version: 2.7.11 Keywords:
Cc:

Description

When using a SOCKS5-bytestream (XEP-0065) based file transfer, the account proxy settings are not considered at all, a direct connection to the other party (which may be either an intermediate server or another end user) is always performed.

This ends up being somewhat confusing because the functionality re-uses the core libpurple SOCKS5 proxy functionality. What is needed is to first connect to the account proxy (if any) and then perform the XEP-0066 SOCKS negotiation.

Change History (3)

comment:1 Changed 8 years ago by ioerror

This does appear to be related to #11110 - it's a subtle leak and is similar to the risks posed by a voice and video call invitation/attempt.

comment:2 Changed 8 years ago by datallah@…

(In e94114863f0a88734486a256f21a13697c6711a6):
xmpp: Don't advertise our IPs as available streamhosts when using a TOR proxy.

If we weren't string-frozen, I'd use a new separate account option for this.

Refs #13928

comment:3 Changed 8 years ago by datallah@…

  • Milestone set to 2.8.0
  • Resolution set to fixed
  • Status changed from new to closed

(In 88714ca54173f04271339337e9135ca9146c12e9):
proxy: Use account proxy when making standalone SOCKS5 connections.

This ends up being potentially weird in that you may end up tunnelling a SOCKS5 proxy connection though another SOCKS5 proxy.

It may mean that non-IBB file xmpp transfers work more consistently on restricted networks, but may make the situation worse some situations e.g. when a proxy is required to connect to the xmpp server, but you want to send a file to someone on your local network.

What it does do though is to allow you to prevent the streamhost from knowing where you're connecting from.

Fixes #13928

Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!