We're updating the issue view to help you get more done. 

Ignore presence stanza of type "subscribed" without previous subscription request

Description

Upon receiving the presence stanza of type "subscribed" addressed to the user, the user's server MUST first verify that the contact is in the user's roster with either of the following states:

  1. subscription='none' and ask='subscribe' , or

  2. subscription='from' and ask='subscribe'.

If the contact is not in the user's roster with either of those states, the user's server MUST silently ignore the presence stanza of type "subscribed" (i.e., it MUST NOT route it to the user, modify the user's roster, or generate a roster push to the user's available resources).

Related thread:
http://www.jivesoftware.org/forums/thread.jspa?threadID=15606&tstart=15

Environment

None

Acceptance Test - Entry

None

Activity

Show:
Gaston Dombiak
September 2, 2005, 4:57 AM

The added contact is not being affected by the presence stanza of type "subscribed". The user that is sending the presence stanza of type "subscribed" is the one that is having a new roster item in his roster.

I'm moving this issue to 2.3.0 since this is not a roster exploit issue.

alexander wenckus
September 2, 2005, 9:19 PM

Intresting. I just upgraded to 2.2.1 and i am still experiencing the issue, if you have some time PM me and I can give you an account on my server so I can demonstrate for you. Hopefully I am not waisting all of your time on a wild goose chase

Guus der Kinderen
August 25, 2009, 2:23 AM

Dug up this issue from the archived project, because of renewed activity that appears to be related to this issue on http://www.igniterealtime.org/community/message/195334

Ian McEwan
October 6, 2009, 7:03 PM

Actually I probably should have put this comment here since this is the major priority.

Referencing http://www.igniterealtime.org/community/thread/39630.

In my opinion,

org.jivesoftware.openfire.handler.PresenceSubscribeHandler line 141should be removed.

//deliverer.deliver(reply)

Guus der Kinderen
January 3, 2010, 1:12 AM

I am resolving this issue. The latest issue was fixed as part of OF-38.

Fixed

Assignee

Guus der Kinderen

Reporter

Gaston Dombiak

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Major
Configure