Don't allow others to close random tubes
Submitted by Jonny Lamb
Assigned to Telepathy bugs list
(From bug #32612 comment 6):
+private_tubes_factory_tube_close_cb ( ...
- if (!tube_msg_checks (self, msg, node, NULL, &tube_id))
- return FALSE;
Er, this function allows Alice to close tubes between us and Bob, if she can guess or brute-force the tube ID. Pre-existing bug?
- DEBUG ("tube ID already in use; do not open the offered tube and close "
- "the existing tube if it's to the same contact");
Not a merge blocker and presumably not your fault, but these semantics are crazy. We should have a separate tube ID "namespace" per peer, and store tubes in the hash table by (handle, id) tuples or something.
Version: git master