JID trims resource part (#24)
Andrzej Wójcik (Tigase) opened 4 years ago

XMPPStringPrepSimple trims the resource part of the JID and returns it without throwing TigaseStringprepException. This causes the following issues:

  1. a processed stanza's from/to can be replaced with a JID with a trimmed resource part, making delivery impossible or delivering to a resource with an invalid resource part of the JID
  2. the behaviour is not RFC6122 compatible, as the RFC allows SPACE as a part of the JID (also at the beginning or the end)
  3. the client is not made aware of the issue (TigaseStringprepException is not thrown)

Andrzej Wójcik (Tigase) commented 4 years ago

I've removed trimming from XMPPStringPrepSimple to make it more RFC6122 compatible.

Andrzej Wójcik (Tigase) commented 4 years ago

Originally, the issue was found due to the issue with the Push Notifications component - it responded to the wrong JID (with trimmed resource part) and that user was hosted on the remote service allowing non-trimmed resources.
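
The failure mode described in this issue, as an added example that is not part of the original thread or Tigase's code: a minimal JID splitter (hypothetical class and method names, constructed JID and session values) run with and without resource trimming, showing that the trimmed reply address no longer matches the resource the remote service bound.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; class and method names are hypothetical, not Tigase APIs.
public class JidResourceTrimDemo {

    // Splits a JID into {localpart, domainpart, resourcepart}; absent parts are null.
    // trimResource=true reproduces the silent trimming the issue describes.
    static String[] parse(String jid, boolean trimResource) {
        int slash = jid.indexOf('/'); // the first '/' starts the resourcepart
        String bare = slash < 0 ? jid : jid.substring(0, slash);
        String resource = slash < 0 ? null : jid.substring(slash + 1);
        if (resource != null && trimResource) {
            resource = resource.trim();
        }
        int at = bare.indexOf('@');
        String local = at < 0 ? null : bare.substring(0, at);
        String domain = at < 0 ? bare : bare.substring(at + 1);
        return new String[] { local, domain, resource };
    }

    // Rebuilds the JID string from its parts.
    static String format(String[] p) {
        String bare = p[0] == null ? p[1] : p[0] + "@" + p[1];
        return p[2] == null ? bare : bare + "/" + p[2];
    }

    public static void main(String[] args) {
        // Constructed sample: a remote service bound a resource ending in a space.
        String sender = "alice@remote.example/phone ";
        Map<String, String> boundResources = new HashMap<>();
        boundResources.put(sender, "session-1");

        for (boolean trim : new boolean[] { true, false }) {
            String replyTo = format(parse(sender, trim));
            boolean altered = !replyTo.equals(sender);
            String session = boundResources.get(replyTo); // null: no such resource
            System.out.printf("trim=%b replyTo=[%s] altered=%b session=%s%n",
                    trim, replyTo, altered, session);
        }
    }
}
```

Comparing the formatted output against the input, as the `altered` flag does, is one way to detect a normalizer that rewrites addresses without raising an error.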

Type: Bug
Priority: Normal
Version: tigase-server-8.2.0
Reference: tigase/_server/tigase-utils#24