[Adium-devl] Adium 1.2.6 (and 1.3b6) XMPP problems - fixed
Evan Schoenberg
evan at adiumx.com
Thu Jul 3 02:13:26 UTC 2008
Please see http://trac.adiumx.com/changeset/24183 (merged in [24184]))
for details.
This oversight on my part makes 1.2.6 and 1.3b6 basically unusable for
XMPP. Any time we're sent a jabber:iq:version request it functions as
a DOS against us, as we're led to send invalid XML. I say this
publicly rather than with an eye to fixing it quietly because it would
require careful speed on the part of an attacker to manage to do this
before the server or one of our contacts did so first.
I feel ridiculous for causing the problem, and offer as an excuse only
that I far prefer the retain/release model of things which doesn't
expect you to allocate memory to pass into a function for storage.
We should push the fix for this in the form of a second release
ASAP... Are there any other immediate problems with 1.2.6 which should
be addressed, as well?
Cheers,
Evan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <http://adium.im/pipermail/devel_adium.im/attachments/20080702/b1d0c18a/attachment.sig>
More information about the devel
mailing list