# HG changeset patch # User Matthew Wild # Date 1228442577 0 # Node ID c9b3ffb08fe3a0c8cb674a5a93dca61e1902610c # Parent 624367a765cda9a313a6c42ae195c2abc26d7e62 Disconnect with stream errors on bad XML, or invalid stream namespace diff -r 624367a765cd -r c9b3ffb08fe3 core/xmlhandlers.lua --- a/core/xmlhandlers.lua Fri Dec 05 02:02:40 2008 +0000 +++ b/core/xmlhandlers.lua Fri Dec 05 02:02:57 2008 +0000 @@ -57,9 +57,11 @@ local cb_streamopened = stream_callbacks.streamopened; local cb_streamclosed = stream_callbacks.streamclosed; - local cb_error = stream_callbacks.error or function (e) error("XML stream error: "..tostring(e)); end; + local cb_error = stream_callbacks.error or function (session, e) error("XML stream error: "..tostring(e)); end; local cb_handlestanza = stream_callbacks.handlestanza; + local stream_ns = stream_callbacks.ns; + local stanza function xml_handlers:StartElement(name, attr) if stanza and #chardata > 0 then @@ -89,18 +91,18 @@ if not stanza then --if we are not currently inside a stanza if session.notopen then - if name == "stream" then + if name == "stream" and curr_ns == stream_ns then if cb_streamopened then cb_streamopened(session, attr); end else -- Garbage before stream? - cb_error("no-stream"); + cb_error(session, "no-stream"); end return; end if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then - cb_error("invalid-top-level-element"); + cb_error(session, "invalid-top-level-element"); end stanza = st.stanza(name, attr); @@ -127,9 +129,9 @@ end return; elseif name == "error" then - cb_error("stream-error", stanza); + cb_error(session, "stream-error", stanza); else - cb_error("parse-error", "unexpected-element-close", name); + cb_error(session, "parse-error", "unexpected-element-close", name); end end if stanza and #chardata > 0 then diff -r 624367a765cd -r c9b3ffb08fe3 net/xmppclient_listener.lua --- a/net/xmppclient_listener.lua Fri Dec 05 02:02:40 2008 +0000 +++ b/net/xmppclient_listener.lua Fri Dec 05 02:02:57 2008 +0000 @@ -36,7 +36,16 @@ local sm_streamclosed = sessionmanager.streamclosed; local st = stanza; -local stream_callbacks = { streamopened = sm_streamopened, streamclosed = sm_streamclosed, handlestanza = core_process_stanza }; +local stream_callbacks = { ns = "http://etherx.jabber.org/streams", streamopened = sm_streamopened, streamclosed = sm_streamclosed, handlestanza = core_process_stanza }; + +function stream_callbacks.error(session, error, data) + if error == "no-stream" then + session:close("invalid-namespace"); + else + session.log("debug", "Client XML parse error: %s", tostring(error)); + session:close("xml-not-well-formed"); + end +end local sessions = {}; local xmppclient = { default_port = 5222, default_mode = "*a" }; @@ -51,8 +60,11 @@ session.notopen = true; function session.data(conn, data) - parser:parse(data); + local ok, err = parser:parse(data); + if ok then return; end + session:close("xml-not-well-formed"); end + return true; end diff -r 624367a765cd -r c9b3ffb08fe3 net/xmppserver_listener.lua --- a/net/xmppserver_listener.lua Fri Dec 05 02:02:40 2008 +0000 +++ b/net/xmppserver_listener.lua Fri Dec 05 02:02:57 2008 +0000 @@ -28,7 +28,16 @@ local s2s_streamclosed = require "core.s2smanager".streamclosed; local s2s_destroy_session = require "core.s2smanager".destroy_session; local s2s_attempt_connect = require "core.s2smanager".attempt_connection; -local stream_callbacks = { streamopened = s2s_streamopened, streamclosed = s2s_streamclosed, handlestanza = core_process_stanza }; +local stream_callbacks = { ns = "http://etherx.jabber.org/streams", streamopened = s2s_streamopened, streamclosed = s2s_streamclosed, handlestanza = core_process_stanza }; + +function stream_callbacks.error(session, error, data) + if error == "no-stream" then + session:close("invalid-namespace"); + else + session.log("debug", "Server-to-server XML parse error: %s", tostring(error)); + session:close("xml-not-well-formed"); + end +end local connlisteners_register = require "net.connlisteners".register; @@ -53,8 +62,11 @@ session.notopen = true; function session.data(conn, data) - parser:parse(data); + local ok, err = parser:parse(data); + if ok then return; end + session:close("xml-not-well-formed"); end + return true; end