#343 Minor BOSH issues on invalid requests

Reporter Waqas
Owner Zash
Created
Updated
Stars ★★ (2)
Tags
  • Priority-Medium
  • Status-Fixed
  • Milestone-0.10
  • Type-Defect
  1. Waqas on

    Empty data: curl -v --data "" http://localhost:5280/http-bind 404 Not Found Wrong namespace: curl -v http://localhost:5280/http-bind --data "<body xmlns=''/>" 400 Bad Request 0 length text/xml response Incomplete XML: curl -v http://localhost:5280/http-bind --data "<body xmlns=''" 404 Not Found Missing 'to': curl -v http://localhost:5280/http-bind --data "<body xmlns='http://jabber.org/protocol/httpbind'/>" Proper XMPP error, but no contect-type Added 'to', missing or invalid 'rid': curl -v http://localhost:5280/http-bind --data "<body xmlns='http://jabber.org/protocol/httpbind' to='localhost'/>" Traceback[httpserver]: .\plugins\mod_bosh.lua:248: attempt to perform arithmetic on a nil value Added 'rid', missing or invalid 'wait': curl -v http://localhost:5280/http-bind --data "<body xmlns='http://jabber.org/protocol/httpbind' to='localhost' rid='1'/>" Traceback[httpserver]: .\plugins\mod_bosh.lua:249: bad argument #1 to 'math_min' (number expected, got nil) Note: Including wait is a SHOULD, not a MUST Added negative 'wait': curl -v http://localhost:5280/http-bind --data "<body xmlns='http://jabber.org/protocol/httpbind' to='localhost' rid='1' wait='-1'/>" 200 OK Added fractional 'wait': curl -v http://localhost:5280/http-bind --data "<body xmlns='http://jabber.org/protocol/httpbind' to='localhost' rid='1' wait='1.5'/>" 200 OK Added fractional negative rid: curl -v http://localhost:5280/http-bind --data "<body xmlns='http://jabber.org/protocol/httpbind' to='localhost' rid='-1.5' wait='1'/>" 200 OK Added 'wait': curl -v http://localhost:5280/http-bind --data "<body xmlns='http://jabber.org/protocol/httpbind' to='localhost' rid='1' wait='1'/>" 200 OK

  2. Zash on

    See also #475

  3. Zash on

    And #500

  4. Zash on

    Changes
    • owner MattJ Zash
    • tags Status-Started
  5. Zash on

    Mostly fixed in https://hg.prosody.im/0.10/rev/6ae3cf899b25 .. https://hg.prosody.im/0.10/rev/d24d88feed76 However incomplete XML fragments don't get rejected properly. We could consider changing to use util.xml or add some kind of flag to stream:parse() that it should expect a complete XML document.

    Changes
    • tags Status-Fixed

New comment

Not published. Used for spam prevention and optional update notifications.