Ticket #3366 (closed defect: fixed)

Opened 17 months ago

Last modified 14 months ago

Cancelled file transfers still work

Reported by: patrys Owned by: asterix
Priority: normal Milestone: 0.11.3
Component: None Version: svn
Severity: major Keywords:
Cc: OS: All

Description

I just tried to send a file to a friend. He then mentioned that it might not work as he resides behind a strict NAT and asked me to send it using email. Here's what happened:

1. I initiate the file request in Gajim 2. He tells me to use email instead 3. I click 'cancel' and then 'clean' in the transfer list 4. I switch to Firefox to use GMail 5. A minute later I see a "transfer finished" popup 6. My friend confirms that the transfer was complete 7. I say 'WTF' ;)

This might seem like a little glitch but might be a serious security bug. If the file gets modified between clicking 'cancel' and starting actual transfer (up to the receiving party to pick the right moment), you might disclose critical information.

Attachments

connection_handlers.py.diff (420 bytes) - added by kingshivan at gmail 15 months ago.

Change History

Changed 17 months ago by steve-e

  • milestone set to 0.12

Changed 15 months ago by kingshivan at gmail

Changed 15 months ago by kingshivan at gmail

done ! patch attached

Changed 15 months ago by asterix

  • status changed from new to closed
  • resolution set to fixed

(In [8902]) [kingshivan] really cancel canceled file transfers. fixes #3366

Changed 15 months ago by asterix

nice ! Just a note for your future patches: use svn diff to create the .diff file ;)

Thanks anyway !

Changed 14 months ago by asterix

  • milestone changed from 0.12 to 0.11.3

Add/Change #3366 (Cancelled file transfers still work)

Author



Change Properties
<Author field>
Action
as closed
Next status will be 'reopened'
 
Note: See TracTickets for help on using tickets.