Bug 52448 - Don't allow others to close random tubes
Status: NEW
Alias: None
Product: Telepathy
Classification: Unclassified
Component: gabble
Version: git master
Hardware: Other All
Importance: medium normal
Assignee: Telepathy bugs list
QA Contact: Telepathy bugs list
Reported: 2012-07-24 16:02 UTC by Jonny Lamb
Modified: 2012-07-24 16:02 UTC

Description Jonny Lamb 2012-07-24 16:02:46 UTC
(From bug #32612 comment #6):
> +private_tubes_factory_tube_close_cb (
> ...
> + if (!tube_msg_checks (self, msg, node, NULL, &tube_id))
> + return FALSE;
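
Review bot: after tube_msg_checks succeeds in private_tubes_factory_tube_close_cb, the only identifier these lines carry forward is tube_id, and nothing visible ties the close request to the contact the tube was opened with. Before closing, compare the sender of msg with the tube's peer and ignore the request when they differ.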
> 
> Er, this function allows Alice to close tubes between us and Bob, if she can
> guess or brute-force the tube ID. Pre-existing bug?
> 
> + DEBUG ("tube ID already in use; do not open the offered tube and close "
> + "the existing tube if it's to the same contact");
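
Review bot: the DEBUG text describes closing an existing tube as a side effect of an offer that reuses its ID, which leaves the lifetime of a tube dependent on IDs chosen by the remote side. Reject the colliding offer and leave the existing tube open, and make the collision check per contact so that offers from different contacts cannot collide at all.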
> 
> Not a merge blocker and presumably not your fault, but these semantics are
> crazy. We should have a separate tube ID "namespace" per peer, and store tubes
> in the hash table by (handle, id) tuples or something.
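
The per-peer namespace proposed in the quoted review, as an added example in plain C (not Gabble's code; the `tube_t` type, the fixed-size table and the function names are hypothetical): tubes are looked up by (peer handle, tube ID), so a close request only ever reaches a tube belonging to the contact that sent it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical types for illustration; not Gabble's real structures. */
typedef uint32_t handle_t;              /* contact handle */
typedef struct { handle_t peer; uint64_t id; bool open; } tube_t;

#define MAX_TUBES 16
static tube_t tubes[MAX_TUBES];

/* Lookup needs both halves of the key, so an ID alone never selects a tube. */
static tube_t *tube_lookup(handle_t peer, uint64_t id) {
    for (size_t i = 0; i < MAX_TUBES; i++)
        if (tubes[i].open && tubes[i].peer == peer && tubes[i].id == id)
            return &tubes[i];
    return NULL;
}

/* An offer collides only with a tube from the same peer; the existing tube is kept. */
static bool tube_offer(handle_t sender, uint64_t id) {
    if (tube_lookup(sender, id) != NULL)
        return false;                   /* reject duplicate, keep existing tube */
    for (size_t i = 0; i < MAX_TUBES; i++)
        if (!tubes[i].open) {
            tubes[i] = (tube_t){ .peer = sender, .id = id, .open = true };
            return true;
        }
    return false;                       /* table full */
}

/* Close request: the sender of the message is part of the key. */
static bool tube_close(handle_t sender, uint64_t id) {
    tube_t *t = tube_lookup(sender, id);
    if (t == NULL)
        return false;                   /* not the sender's tube: ignore */
    t->open = false;
    return true;
}

/* Constructed scenario: Bob (handle 2) has tube 42; Alice (handle 3) tries to close it. */
static bool demo_alice_cannot_close_bobs_tube(void) {
    const handle_t bob = 2, alice = 3;
    tube_offer(bob, 42);
    bool alice_closed = tube_close(alice, 42);   /* must be refused */
    bool alice_offer  = tube_offer(alice, 42);   /* separate namespace: accepted */
    bool bob_intact   = tube_lookup(bob, 42) != NULL;
    return !alice_closed && alice_offer && bob_intact && tube_close(bob, 42);
}

int main(void) { return demo_alice_cannot_close_bobs_tube() ? 0 : 1; }
```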

