JSJaCPacket.appendNode() is not passing current namespace to
buildNode() (due to missing argument, probably a typo) so every node
appended without namespace will end up with xmlns="" on IE9.
This causes a nice denial of service, since by default many clients
(including simpleclient from examples) will try to use errorReply on
unknown iq packets which will trigger this bug. So sending anyone on
IE9 random iq packet will cause that client to disconnect from server.
Fix it by correctly passing namespace to buildNode(). Additionally,
set proper namespace on error condition element.
JSJaCPacket.appendNode() is not passing current namespace to buildNode() (due to missing argument, probably a typo) so every node appended without namespace will end up with xmlns="" on IE9.
This causes a nice denial of service, since by default many clients (including simpleclient from examples) will try to use errorReply on unknown iq packets which will trigger this bug. So sending anyone on IE9 random iq packet will cause that client to disconnect from server.
Fix it by correctly passing namespace to buildNode(). Additionally, set proper namespace on error condition element.