Package: centericq
Version: 4.20.0-4
Severity: normal
Tags: patch, upstream
When centericq receives encrypted messages from a psi[1] client
where typing notification "events" are enabled under
Options > Advanced > Events
centericq is not able to decode such encrypted messages,
but instead shows the (unencrypted) content of the body which says:
"[This message is encrypted.]"
The messages which cannot be handled by centericq correctly, look like this:
<message type="chat" id="aab6a" to="[EMAIL PROTECTED]/centericq" >
<body>[This message is encrypted.]</body>
<x xmlns="jabber:x:event">
<composing/>
</x>
<x
xmlns="jabber:x:encrypted">hQEOA7VkXGEW9FeiEAQArvz07zOgejLT2VYOOaJJmpZDpH4sqWAM1hVvZGTzGXna
LIWNHrg7k/1QV8FAojYfWouTVYmAElhFCAy+CdfxQ6mxwBWJGssaf3YWRkZ9lQxJ
vGQ8zIpU2QEewZmmJjOz3Hi0f7hioleKYHk5DFLDrQ0aNk9MLJBgQ0AQFr0lvN4E
AJMY3cbC2Zhqd1mblKvQ8wunBgQMtkPbLNMRZFhST1+TZrzVT2Uf+sRto2pSdyGU
ImU8Ha39sPy6Wbog2AYvLZ3/4DIsj912li8gaov5yAy1gb3XKcvnBKtulnGbV4qw
ahcIMjbRzBQITyqJnG7DuJQAQRGnZhvKHCFBshXEJSyu0lMBJNu8XVpNJa7q7dfl
4bfIw6geL2dzOzatAoyDKsGjvZ/qoViwn+AJNhC/fydE/y88k/eC/YSdXyQA5OxE
8XUGBLzjoEZv5ET9XMZX+iWbs/itcA==
=jkZK</x>
</message>
CenterICQ always looks for the first <x> Tag and checks if this first
tag contains an attribute "xmlns="jabber:x:encrypted". If not, it assumes
that the messages is not encrypted. The second <x> Tag with the encrypted
content is unfortunately not looked at.
I have created a patch which should fix the problem, search for any tag
like <x xmlns="jabber:x:encrypted"> and ignore the <x xmlns="jabber:x:event">
tags for the decryption of messages.
The patch does the same for <x xmlns="jabber:x:signed">, because it is
always possible to have several <x> Tags inside a <message> tree.
See also my report on the centericq mailinglist:
http://article.gmane.org/gmane.network.centericq/3508
Thanks,
Daniel.
-- System Information:
Debian Release: 3.1
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.11-9-amd64-k8
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Versions of packages centericq depends on:
ii centericq-common 4.20.0-4 A text-mode multi-protocol instant
ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an
ii libcurl3 7.13.2-2 Multi-protocol file transfer libra
ii libgcc1 1:3.4.3-12 GCC support library
ii libgnutls11 1.0.16-9 GNU TLS library - runtime library
ii libgpg-error0 1.0-1 library for common error values an
ii libgpgme11 1.0.2-1 GPGME - GnuPG Made Easy
ii libidn11 0.5.13-1.0 GNU libidn library, implementation
ii libjpeg62 6b-9 The Independent JPEG Group's JPEG
ii libncurses5 5.4-4 Shared libraries for terminal hand
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
ii libstdc++5 1:3.3.5-12 The GNU Standard C++ Library v3
ii zlib1g 1:1.2.2-4 compression library - runtime
diff -ru centericq-4.20.0.orig/src/hooks/jabberhook.cc centericq-4.20.0/src/hooks/jabberhook.cc
--- centericq-4.20.0.orig/src/hooks/jabberhook.cc 2005-01-27 00:52:48.000000000 +0100
+++ centericq-4.20.0/src/hooks/jabberhook.cc 2005-05-20 15:04:06.000000000 +0200
@@ -1365,11 +1365,14 @@
body = (string) xmlnode_get_data (x) + ": " + body;
}
- if(x = xmlnode_get_tag(packet->x, "x"))
- if(p = xmlnode_get_attrib(x, "xmlns"))
- if((string) p == "jabber:x:encrypted")
- if(p = xmlnode_get_data(x))
- enc = p;
+ /* only use <x xmlns="jabber:x:encrypted"> tag for decryption
+ * and ignore other <x> tags in the message body */
+ if ( (x = xmlnode_get_tag(packet->x, "x?xmlns=jabber:x:encrypted")) ) {
+ if ( (p = xmlnode_get_attrib(x, "xmlns")) )
+ if ( ((string) p == "jabber:x:encrypted") )
+ if ( (p = xmlnode_get_data(x)) )
+ enc = p;
+ }
if(!body.empty())
jhook.gotmessage(type, from, body, enc);
@@ -1578,7 +1581,9 @@
jhook.awaymsgs[ic.nickname] = p;
#ifdef HAVE_GPGME
- if(x = xmlnode_get_tag(packet->x, "x"))
+ /* get signature from <x xmlns="jabber:x:signed"> tag
+ * and ignore other <x> tags */
+ if(x = xmlnode_get_tag(packet->x, "x?xmlns=jabber:x:signed"))
if(p = xmlnode_get_attrib(x, "xmlns"))
if((string) p == "jabber:x:signed")
if(p = xmlnode_get_data(x))
