Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: ejabberd 2.1.5
-
Fix Version/s: ejabberd 2.1.6, ejabberd 3.0.0-alpha-2
-
Component/s: Privacy
-
Labels:
-
Company:
-
Last commented by user ?:true
Description
User sets and activates privacy lists to block iq stanzas:
<!-- 16:20:02.256 OUT (::xmpp::1, user1@domain.tld/Ткаббер) --> <iq id='184:823142' xml:lang='en' type='set'> <query xmlns='jabber:iq:privacy'> <list name='blockiq'> <item action='deny' order='1'><iq/></item> </list> </query> </iq> <!-- 16:20:02.347 IN (::xmpp::1, user1@domain.tld/Ткаббер) --> <iq from='user1@domain.tld' to='user1@domain.tld/Ткаббер' id='184:823142' type='result'/> <!-- 16:21:08.397 OUT (::xmpp::1, user1@domain.tld/Ткаббер) --> <iq id='186:791728' xml:lang='en' type='set'> <query xmlns='jabber:iq:privacy'> <active name='blockiq'/> </query> </iq> <!-- 16:21:08.460 IN (::xmpp::1, user1@domain.tld/Ткаббер) --> <iq from='user1@domain.tld' to='user1@domain.tld/Ткаббер' id='186:791728' type='result'/>}}
User sends an iq stanza, which should be blocked:
<!-- 16:23:32.003 OUT (::xmpp::1, user1@domain.tld/Ткаббер) --> <iq id='189:525572' xml:lang='en' type='get' to='user2@domain.tld/resource'> <query xmlns='jabber:iq:version'/> </iq>
Server should block this stanza, and send back iq not-acceptable error stanza. (XEP-0016, example 51)
Instead, the server routes it to contact, which responds:
<!-- 16:23:32.099 IN (::xmpp::1, user1@domain.tld/Ткаббер) --> <iq from='user2@domain.tld/resource' to='user1@domain.tld/Ткаббер' type='result' id='189:525572'> <query xmlns='jabber:iq:version'> <name>Stabber</name> <version>666</version> <os>FiendOS</os> </query> <evil xmlns='http://jabber.org/protocol/evil'/> </iq>
Activity
Field | Original Value | New Value |
---|---|---|
Assignee | Badlop [ badlop ] |
Status | Open [ 1 ] | Resolved [ 5 ] |
Fix Version/s | ejabberd 2.1.6 [ 10658 ] | |
Fix Version/s | ejabberd 3.0.0-alpha-2 [ 10659 ] | |
Resolution | Fixed [ 1 ] |
Status | Resolved [ 5 ] | Closed [ 6 ] |
Workflow | development v3 [ 73296 ] | Development v4 [ 81455 ] |