Opened 10 years ago

Last modified 10 years ago

#8102 new defect

Authentication hangs if no request_ops handler is registered

Reported by: Zeqfreed Owned by: deryni
Milestone: Component: XMPP
Version: 2.5.4 Keywords: cyrus sasl authentication request ops
Cc:

Description

If user of the library doesn't define request_action operation in PurpleRequestUiOps?, then authentication will hang inside jabber_auth_start_cyrus function (implemented in jabber/auth.c), because the return value of purple_request_yes_no on line 330 isn't checked.

It is silently assumed either of allow_cyrus_plaintext_auth or disallow_plaintext_auth will be called, which is not the case when request_action operation not defined or handles the request incorrectly.

My suggestion is that at least a warning should be generated if described condition occurs and the library shouldn't wait for user's response that will never take place.

Change History (1)

comment:1 Changed 10 years ago by datallah

The return value of purple_request_yes_no() isn't useful; the request implementation may or may not return a non-NULL value.

While it is certainly suboptimal that the request API is used during the prpl login, implementing the request API isn't really optional as it is used for a number of important things (like this, and key related functionality in SILC).

Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!