OTR should close a session, if the other chat partner logs out

Bug #307964 reported by goto
38
This bug affects 6 people
Affects Status Importance Assigned to Milestone
pidgin-otr (Ubuntu)
Wishlist
Unassigned

Bug Description

Binary package hint: pidgin-otr

Hello,
just had some problem while using OTR. I tested a bit around and found out, that Pidgin-OTR does not close the OTR-session when the other partner logs out. This results in a big mess. One example:
There is a working OTR-Session.
One chat partner closes pidgin. He restarts it and opens a chat to the partner, he was writing to.
Now in his chat windows it sais "Not private" and in the other (who has not quited pidgin) it still says "Private". Now the one who restarted pidgin sends the other a message. And with this message he starts to initiate an OTR-session. Now there come the problems:
(22:07:40) Successfully refreshed the private conversation with xxx //seems good so far
(22:07:40) OTR Error: You sent encrypted data to xxx, , who wasn't expecting it. //oh, that's bad.

Actually those two clients should negotiate a new session. Butoften this does not work and there are more and more messages that the other could not read something and was needed to resend and the other one tried to make a new session and so on. I had these problem a few times.

I think it would be the best, if a session gets ended automatically, if the other contact (or one self) logs out. There is no need to keep the session up. It only makes confusion, if one contact writes later with another session.
Thanks for reading! :)

Edit: Sorry, forgot something again:
I am on 64 bit Intrepid and I think this shall be wishlist.

goto (gotolaunchpad)
description: updated
goto (gotolaunchpad)
description: updated
Revision history for this message
jasonwc (jwittlincohen) wrote :

I can confirm this behavior on both Ubuntu Intrepid and Windows XP SP3 using pidgin 2.5.2/3 and pidgin-otr 3.2.0. I describe OTR's handling here: http://lists.cypherpunks.ca/pipermail/otr-users/2008-December/001562.html

goto (gotolaunchpad)
Changed in pidgin-otr:
status: New → Confirmed
Brian Curtis (bcurtiswx)
Changed in pidgin-otr (Ubuntu):
importance: Undecided → Wishlist
Revision history for this message
Michael Faath (michael.faath) wrote :

This bug annoyed me too, so I wrote a small patch to close the session if your peer ends the encrypted conversation. Maybe the message if the other peer ends the session should be changed, at the moment it states: "xx has ended his/her private conversation with you; you should do the same.", but with this patch this is no longer necessary.

This patch should be applied to pidgin-otr-3.2.0-5.

tags: added: patch
Revision history for this message
Jeff Davis (jdavis-sitka) wrote :

This bug has been open for three years and is still not resolved. It continues to affect me regularly.

I tried the patch but it did not fix the problem for me.

Revision history for this message
Howard Chu (hyc) wrote :

I've noticed this problem as well. It looks to me like the OTR plugin isn't actually sending a signoff message to the peer when you end a session. Haven't tracked down why just yet.

Revision history for this message
Michael Faath (michael.faath) wrote :

I talked with Jeff Davis, he thought my patch would fix another problem so the fix still works for the problem described in the first posting.

Howard Chu: "It looks to me like the OTR plugin isn't actually sending a signoff message to the peer when you end a session."
Internally the Plugin realizes the other side closed the session and prints a message that this happened, but does nothing further. I came to the realization that this is not a missing feature but probably intended. Think of this scenario: A chats with B with an active OTR session. They are talking about confidential material. Now A signs off (client crash, connection loss, or he just closed Pidgin). What if B sends a message right after that without realizing A signed off?

With my patch B ends the OTR session immediately and sends the message unencrypted (break of confidentiality) , without the patch the OTR session for B would still be active, the message would be sent encrypted (and therefor A probably couldn't read it if he comes back online, but that is no break of confidentiality).

Revision history for this message
Howard Chu (hyc) wrote :

Ah, makes sense.

Also re: my previous comment, this was only a problem for a private message IRC conversation. For regular IM chats the signoff message is sent without trouble. Looking at the code, the reason is that libotr tries to lookup the buddy associated with a conversation, so it can then query if the buddy is still signed on, to decide whether to send the signoff message. But for IRC PMs there is no buddy in your buddy list, so the check fails and the signoff message is skipped.

Revision history for this message
Csabi (csabi-m) wrote :

Hi guys,

I still have this problem, basically my sessions never close.
Not if partner logs off, not if I restart pidgin.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers