#552 Invalid presence causes traceback (closed)

#552 Invalid presence causes traceback

Reporter	Robert Sander
Owner	Zash
Created	2015-10-01
Updated	2017-04-11
Stars	★ (1)
Tags	Priority-Medium Status-Fixed Milestone-0.10 Type-Defect

Robert Sander on 2015-10-01
Hi, we are getting these Tracebacks from time to time in the prosody logfile: Oct 01 11:33:07 mod_c2s error Traceback[c2s]: /usr/lib/prosody/modules/mod_presence.lua:67: invalid value (table) at index 2 in table for 'concat' stack traceback: [C]: in function 't_concat' /usr/lib/prosody/modules/mod_presence.lua:67: in function 'handle_normal_presence' /usr/lib/prosody/modules/mod_presence.lua:325: in function '?' /usr/lib/prosody/util/events.lua:67: in function 'fire_event' /usr/lib/prosody/core/stanza_router.lua:187: in function 'core_post_stanza' /usr/lib/prosody/core/stanza_router.lua:135: in function </usr/lib/prosody/core/stanza_router.lua:56> (tail call): ? [C]: in function 'xpcall' /usr/lib/prosody/modules/mod_c2s.lua:123: in function 'cb_handlestanza' /usr/lib/prosody/util/xmppstream.lua:187: in function </usr/lib/prosody/util/xmppstream.lua:167> [C]: in function 'parse' /usr/lib/prosody/util/xmppstream.lua:255: in function 'feed' /usr/lib/prosody/modules/mod_c2s.lua:230: in function 'data' /usr/lib/prosody/modules/mod_c2s.lua:252: in function </usr/lib/prosody/modules/mod_c2s.lua:249> (tail call): ? /usr/lib/prosody/net/server_select.lua:854: in function </usr/lib/prosody/net/server_select.lua:836> [C]: in function 'xpcall' /usr/bin/prosody:376: in function 'loop' /usr/bin/prosody:407: in main chunk [C]: ? Is there anything bad happening? Regards Robert
Zash on 2015-10-01
This seems to be what happens if someone sends a broken presence stanza. E.g: <presence><priority>123<cause-traceback/></priority></presence>
Changes
- title Invalid presence causes traceback
- tag Status-Accepted
Ge0rG on 2016-06-28
Also happened to me today, running 0.9.10 on Debian.
Zash on 2017-04-10
Changes
- owner Zash
- tags Milestone-0.10 Status-Started
Zash on 2017-04-10
Fixed in https://hg.prosody.im/0.10/rev/194409dcba22 Clients triggering this would be breaking a MUST. If we ever do any more careful stanza validation, this would could be rejected. For now it will be forwarded. https://xmpp.org/rfcs/rfc6121.html#presence-syntax-children-priority
Changes
- tags Status-Fixed
Robert Sander on 2017-04-11
"Be conservative in what you do, be liberal in what you accept from others." https://en.wikipedia.org/wiki/Robustness_principle Do not rely on any standard when dealing with external input.
Zash on 2017-04-11
https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00

Robert Sander on 2015-10-01

Hi, we are getting these Tracebacks from time to time in the prosody logfile: Oct 01 11:33:07 mod_c2s error Traceback[c2s]: /usr/lib/prosody/modules/mod_presence.lua:67: invalid value (table) at index 2 in table for 'concat' stack traceback: [C]: in function 't_concat' /usr/lib/prosody/modules/mod_presence.lua:67: in function 'handle_normal_presence' /usr/lib/prosody/modules/mod_presence.lua:325: in function '?' /usr/lib/prosody/util/events.lua:67: in function 'fire_event' /usr/lib/prosody/core/stanza_router.lua:187: in function 'core_post_stanza' /usr/lib/prosody/core/stanza_router.lua:135: in function </usr/lib/prosody/core/stanza_router.lua:56> (tail call): ? [C]: in function 'xpcall' /usr/lib/prosody/modules/mod_c2s.lua:123: in function 'cb_handlestanza' /usr/lib/prosody/util/xmppstream.lua:187: in function </usr/lib/prosody/util/xmppstream.lua:167> [C]: in function 'parse' /usr/lib/prosody/util/xmppstream.lua:255: in function 'feed' /usr/lib/prosody/modules/mod_c2s.lua:230: in function 'data' /usr/lib/prosody/modules/mod_c2s.lua:252: in function </usr/lib/prosody/modules/mod_c2s.lua:249> (tail call): ? /usr/lib/prosody/net/server_select.lua:854: in function </usr/lib/prosody/net/server_select.lua:836> [C]: in function 'xpcall' /usr/bin/prosody:376: in function 'loop' /usr/bin/prosody:407: in main chunk [C]: ? Is there anything bad happening? Regards Robert

Zash on 2015-10-01

This seems to be what happens if someone sends a broken presence stanza. E.g: <presence><priority>123<cause-traceback/></priority></presence>

Changes

title Invalid presence causes traceback
tag Status-Accepted

Ge0rG on 2016-06-28

Also happened to me today, running 0.9.10 on Debian.

Zash on 2017-04-10

owner Zash
tags Milestone-0.10 Status-Started

Fixed in https://hg.prosody.im/0.10/rev/194409dcba22 Clients triggering this would be breaking a MUST. If we ever do any more careful stanza validation, this would could be rejected. For now it will be forwarded. https://xmpp.org/rfcs/rfc6121.html#presence-syntax-children-priority

tags Status-Fixed

Robert Sander on 2017-04-11

"Be conservative in what you do, be liberal in what you accept from others." https://en.wikipedia.org/wiki/Robustness_principle Do not rely on any standard when dealing with external input.

Zash on 2017-04-11

https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00

#552 Invalid presence causes traceback

New comment