What steps will reproduce the problem?
1. Websocket and normal clients in a MUC (or other broadcast source)
2. ????
What is the expected output?
Websocket clients see the required xmlns="jabber:client"
Normal clients don't since i
What do you see instead?
Normal clients sometimes see explicit xmlns="jabber:client" depending on load order.
What version of the product are you using? On what operating system?
Probably affecting 0.10 and later, not tested.
Please provide any additional information below.
mod_websocket applies xmlns="jabber:client" before serialization but doesn't (and can't) undo this mutation of the stanza object. In cases where the same stanza object is broadcast to multiple recipients without
Affects things like mod_smacks that check for xmlns to determine if it's a stanza or stream element.
Can be fixed by cloning the stanza somewhere, either in mod_websocket or mod_muc and other modules that do broadcasts, or both.
Reported by tmolitor
tmolitor
on
Ideally all modules doing any form of broadcasts should clone the stanzas involved before broadcasting them, that would eliminate this bug vector entirely (hopefully).
What steps will reproduce the problem? 1. Websocket and normal clients in a MUC (or other broadcast source) 2. ???? What is the expected output? Websocket clients see the required xmlns="jabber:client" Normal clients don't since i What do you see instead? Normal clients sometimes see explicit xmlns="jabber:client" depending on load order. What version of the product are you using? On what operating system? Probably affecting 0.10 and later, not tested. Please provide any additional information below. mod_websocket applies xmlns="jabber:client" before serialization but doesn't (and can't) undo this mutation of the stanza object. In cases where the same stanza object is broadcast to multiple recipients without Affects things like mod_smacks that check for xmlns to determine if it's a stanza or stream element. Can be fixed by cloning the stanza somewhere, either in mod_websocket or mod_muc and other modules that do broadcasts, or both. Reported by tmolitor
Ideally all modules doing any form of broadcasts should clone the stanzas involved before broadcasting them, that would eliminate this bug vector entirely (hopefully).
Fixed in https://hg.prosody.im/trunk/rev/4b3c129e96f2
Changes