|Summary:||Don't allow others to close random tubes|
|Product:||Telepathy||Reporter:||Jonny Lamb <jonny.lamb>|
|Component:||gabble||Assignee:||Telepathy bugs list <telepathy-bugs>|
|Status:||RESOLVED MOVED||QA Contact:||Telepathy bugs list <telepathy-bugs>|
|i915 platform:||i915 features:|
Description Jonny Lamb 2012-07-24 16:02:46 UTC
(From bug #32612 comment #6): > +private_tubes_factory_tube_close_cb ( > ... > + if (!tube_msg_checks (self, msg, node, NULL, &tube_id)) > + return FALSE; > > Er, this function allows Alice to close tubes between us and Bob, if she can > guess or brute-force the tube ID. Pre-existing bug? > > + DEBUG ("tube ID already in use; do not open the offered tube and close " > + "the existing tube if it's to the same contact"); > > Not a merge blocker and presumably not your fault, but these semantics are > crazy. We should have a separate tube ID "namespace" per peer, and store tubes > in the hash table by (handle, id) tuples or something.
Comment 1 GitLab Migration User 2019-12-03 19:57:36 UTC
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/telepathy/telepathy-gabble/issues/237.