Bug 52448 - Don't allow others to close random tubes
Summary: Don't allow others to close random tubes
Status: RESOLVED MOVED
Alias: None
Product: Telepathy
Classification: Unclassified
Component: gabble (show other bugs)
Version: git master
Hardware: Other All
: medium normal
Assignee: Telepathy bugs list
QA Contact: Telepathy bugs list
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-07-24 16:02 UTC by Jonny Lamb
Modified: 2019-12-03 19:57 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Jonny Lamb 2012-07-24 16:02:46 UTC 
(From bug #32612 comment #6):
> +private_tubes_factory_tube_close_cb (
> ...
> + if (!tube_msg_checks (self, msg, node, NULL, &tube_id))
> + return FALSE;
> 
> Er, this function allows Alice to close tubes between us and Bob, if she can
> guess or brute-force the tube ID. Pre-existing bug?
> 
> + DEBUG ("tube ID already in use; do not open the offered tube and close "
> + "the existing tube if it's to the same contact");
> 
> Not a merge blocker and presumably not your fault, but these semantics are
> crazy. We should have a separate tube ID "namespace" per peer, and store tubes
> in the hash table by (handle, id) tuples or something.
Comment 1 GitLab Migration User 2019-12-03 19:57:36 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/telepathy/telepathy-gabble/issues/237.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.