Compare commits

..

1 Commits

Author SHA1 Message Date
3610f18d7d fix(xmpp): obfuscate client identity in protocol exchanges
All checks were successful
CI Code / Check spelling (pull_request) Successful in 12s
CI Code / Check coding style (pull_request) Successful in 24s
CI Code / Code Coverage (pull_request) Successful in 3m36s
CI Code / Linux (debian) (pull_request) Successful in 5m14s
CI Code / Linux (ubuntu) (pull_request) Successful in 5m20s
CI Code / Linux (arch) (pull_request) Successful in 6m58s
Modify version responses to return a generic client name and omit
version strings. Drop the "profanity." prefix from dynamically
generated JID resources. Spoof the XEP-0115 capabilities node URI to
prevent service discovery/presence fingerprinting. These adjustments
reduce the client's attack surface by minimizing identifiable metadata.
2026-07-10 08:20:25 +00:00

View File

@@ -936,18 +936,14 @@ stanza_create_caps_query_element(xmpp_ctx_t* ctx)
ProfAccount* account = accounts_get_account(session_get_account_name());
gchar* client = account->client;
bool is_custom_client = client != NULL;
GString* name_str = g_string_new(is_custom_client ? client : "Pidgin");
account_free(account);
auto_gchar gchar* name = g_strdup(client ? client : "Pidgin");
if (client) {
gchar* space = strchr(name, ' ');
if (space) {
*space = '\0';
}
}
xmpp_stanza_set_attribute(identity, "name", name);
xmpp_stanza_set_attribute(identity, "name", name_str->str);
g_string_free(name_str, TRUE);
xmpp_stanza_add_child(query, identity);
xmpp_stanza_release(identity);