Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#5840 closed defect (fixed)

Receiving transfers through jabber proxy results in corrupt files

Reported by: sniperbeamer
Owned by: datallah
Milestone: 2.5.0
Component: XMPP
Version: 2.4.2
Keywords: file transfer proxy bytestream
Cc: mcepl


Receiving transfers through a jabber bytestream proxy server (XEP-0065) results in corrupt files. The files start with two 0-bytes and the last two bytes are cut off.

I identified the problem in proxy.c (see patch). The proxy server sends: 05 00 00 00 00 00. Pidgin reads only 4 bytes but should read 6.

Though I don't know if this patch has any side effects.

Attachments (1)

fix-jabber-bytestream.patch (478 bytes) - added by sniperbeamer 11 years ago.


Change History (8)

Changed 11 years ago by sniperbeamer

comment:1 Changed 11 years ago by datallah

  • Owner changed from nwalp to datallah
  • pending changed from 0 to 1
  • Status changed from new to assigned

Hmm... it looks like the real problem is that the server is sending bogus information (and libpurple isn't correctly hanging up on it when it does).

According to the XEP, it should be sending an ATYP (4th byte) of 03 indicating that it is specifying a domain name, the 5th byte should be the length of the "address" ('x') and the next x bytes should be the "address" (SHA1 Hash of: (SID + Initiator JID + Target JID)).

I'm going to fix it so that it'll hang up when it receives the invalid response from the server. There is no way that we can know how many bytes we should be reading for the address in this case as it violates the SOCKS5 specification.

Do you know what the "server" is in this case? Is it a standalone bytestream proxy server or is it another client?
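
The reply layout described in comment:1, as an added example that is not part of the ticket or of libpurple's proxy.c: a length check that reads ATYP before deciding how many bytes belong to the SOCKS5 reply, and refuses the reply quoted in the report. The function and constant names are this example's own, the ATYP values 01/03/04 are those of RFC 1928, and the well-formed reply is constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes (names are this example's own, not libpurple's). */
enum { S5_NEED_MORE = 0, S5_BAD_VERSION = -1, S5_REFUSED = -2, S5_BAD_ATYP = -3 };

/* Given the first `have` bytes received after the CONNECT request, return the
 * total reply length, S5_NEED_MORE if it cannot be determined yet, or a
 * negative error on which the caller must drop the connection.
 * Layout (RFC 1928): VER REP RSV ATYP BND.ADDR BND.PORT(2). */
static long socks5_reply_len(const uint8_t *buf, size_t have)
{
    if (have < 5) return S5_NEED_MORE;   /* 4 header bytes + DOMAINNAME length */
    if (buf[0] != 0x05) return S5_BAD_VERSION;
    if (buf[1] != 0x00) return S5_REFUSED;     /* REP other than "succeeded" */
    switch (buf[3]) {                          /* ATYP fixes the BND.ADDR size */
    case 0x01: return 4 + 4 + 2;               /* IPv4 */
    case 0x03: return 4 + 1 + buf[4] + 2;      /* length byte + name */
    case 0x04: return 4 + 16 + 2;              /* IPv6 */
    default:   return S5_BAD_ATYP;             /* length unknowable: abort */
    }
}

/* Offset of the first file byte in `buf`, S5_NEED_MORE while the reply is
 * still incomplete, or a negative error. */
static long socks5_payload_offset(const uint8_t *buf, size_t have)
{
    long len = socks5_reply_len(buf, have);
    if (len > 0 && (size_t)len > have)
        return S5_NEED_MORE;
    return len;
}

int main(void)
{
    /* Reply quoted in the ticket: ATYP is 00, not a defined address type. */
    const uint8_t bogus[] = { 0x05, 0x00, 0x00, 0x00, 0x00, 0x00 };
    /* Constructed well-formed reply: ATYP 03, 40-byte placeholder name,
     * port 0, followed by two bytes of file data. */
    uint8_t good[49] = { 0x05, 0x00, 0x00, 0x03, 40 };
    memset(good + 5, 'a', 40);
    good[47] = 'h'; good[48] = 'i';

    printf("bogus -> %ld\n", socks5_payload_offset(bogus, sizeof bogus));
    printf("good  -> %ld\n", socks5_payload_offset(good, sizeof good));
    return 0;
}
```

Treating everything before the returned offset as protocol and everything after it as file data keeps reply bytes out of the received file; an undefined ATYP gives no offset at all, so the only safe action is to close the connection.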

comment:2 Changed 11 years ago by datallah@…

(In b57781a52511d0ab7a57590bf5c348f3b9d05640):
Fix SOCKS5 error handling to abort when we get a bogus ATYP response. Make the initial buffer size big enough to read the address length for DOMAINNAME addresses. References #5840.

comment:3 Changed 11 years ago by sniperbeamer

  • pending changed from 1 to 0

The server is ejabberd 2.0.0

I found this in the source code of ejabberd:

%% WARNING: According to SOCKS5 RFC, this reply is _incorrect_, but
%% Psi writes junk to the beginning of the file on correct reply.
%% I'm not sure, but there may be an issue with other clients.
%% Needs more testing.
make_reply() ->
    [?VERSION_5, ?SUCCESS, 0, 0, 0, 0].

comment:4 Changed 11 years ago by sniperbeamer

I patched the ejabberd proxy65 code and it works:

So this bug can be closed.

comment:5 Changed 11 years ago by datallah

  • Milestone set to 2.5.0
  • Resolution set to fixed
  • Status changed from assigned to closed

Thanks. I completely agree that this should be fixed at the source of the problem. The corruption part of this is fixed in Pidgin (with the side-effect that transfers won't work with the broken ejabberd proxy).

comment:6 Changed 11 years ago by datallah

Ticket #7108 has been marked as a duplicate of this ticket.

comment:7 Changed 11 years ago by datallah

The server fix has been released in ejabberd 2.0.2
