Tigase Forge
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
tigase-utils
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Statistics
Child Projects
OneDev 10.9.4
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects tigase _server tigase-utils Issues #24
JID trims resource part (#24)
Closed
Andrzej Wójcik (Tigase) opened 4 years ago

XMPPStringPrepSimple trims the resource part of the JID and returns it without throwing TigaseStringprepException. This causes the following issues:

  1. processed stanza from/to can be replaced with a JID with trimmed resource part making it impossible for delivery or delivering to the resource with invalid resource part of the JID
  2. behaviour is not RFC6122 compatible as RFC allows SPACE as a part of the JID (also at the beginning or the end)
  3. client is not made aware of the issue (TigaseStringprepException is not thrown)
Andrzej Wójcik (Tigase) commented 4 years ago

I've removed trimming from XMPPStringPrepSimple to make it more RFC6122 compatible.
Andrzej Wójcik (Tigase) commented 4 years ago

Originally, the issue was found due to the issue with the Push Notifications component - it responded to the wrong JID (with trimmed resource part) and that user was hosted on the remote service allowing non-trimmed resources.
issue 1 of 1
Type
Bug
Priority
Normal
Assignee
wojciech.kapcia@tigase.net
Version
tigase-server-8.2.0
Issue Votes (0)
Login to vote
Watchers (0)
Reference
tigase/_server/tigase-utils#24
Please wait...
Page is in error, reload to recover