[jdev] Spoofing of iq ids and misbehaving servers
Jacek Konieczny
jajcus at jajcus.net
Sat Feb 1 18:36:36 UTC 2014
On 2014-01-30 13:49, Thijs Alkemade wrote:
> But what baffles me even more is that it almost appears like nobody else ever
> ran into this problem. Is it really the case that every XMPP client out there
> does not check for the correct 'from' on result iqs either? Or have they all
> implemented workarounds to deal with the incorrect behavior of the servers
> listed above?
In PyXMPP i have always used both <iq/> 'id' and 'to' as the key for
matching the replies. Then I added handling for the special case when
the <iq/> is sent with no 'to'. I think I had to update this a few times
to match all the strangely behaving servers.
And, as we are talking about servers addressing <iq/> stanzas in a weird
way – WildFire/OpenFire was the worse for me. PyXMPP have been strictly
checking stanza addressing (it was supposed to be used in different XMPP
scenarios, not just for clients), so it was fooled by unexpected
OpenFire behaviour – reply to the 'urn:ietf:params:xml:ns:xmpp-bind'
request sent to the server address:
http://community.igniterealtime.org/thread/35966
Greets,
Jacek
More information about the JDev
mailing list