Software / code / prosody
Annotate
core/s2smanager.lua @ 12181:783056b4e448 0.11 0.11.12
util.xml: Do not allow doctypes, comments or processing instructions
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nontheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Mon, 10 Jan 2022 18:23:54 +0100 |
| parent | 8675:d3d74e923e4e |
| child | 9787:6625efab91e2 |
| rev | line source |
|---|---|
|
1523
841d61be198f
Remove version number from copyright headers
Matthew Wild <mwild1@gmail.com>
parents:
1492
diff
changeset
|
1 -- Prosody IM |
|
2923
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2889
diff
changeset
|
2 -- Copyright (C) 2008-2010 Matthew Wild |
|
b7049746bd29
Update copyright headers for 2010
Matthew Wild <mwild1@gmail.com>
parents:
2889
diff
changeset
|
3 -- Copyright (C) 2008-2010 Waqas Hussain |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5459
diff
changeset
|
4 -- |
| 758 | 5 -- This project is MIT/X11 licensed. Please see the |
| 6 -- COPYING file in the source package for more information. | |
|
519
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
451
diff
changeset
|
7 -- |
|
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
451
diff
changeset
|
8 |
|
cccd610a0ef9
Insert copyright/license headers
Matthew Wild <mwild1@gmail.com>
parents:
451
diff
changeset
|
9 |
| 148 | 10 |
|
5366
c1357b7fbca3
s2smanager: Access prosody.hosts instead of hosts global directly
Matthew Wild <mwild1@gmail.com>
parents:
5362
diff
changeset
|
11 local hosts = prosody.hosts; |
|
5459
3a821511b9ec
sessionmanager, s2smanager: Remove unused imports
Matthew Wild <mwild1@gmail.com>
parents:
5447
diff
changeset
|
12 local tostring, pairs, setmetatable |
|
3a821511b9ec
sessionmanager, s2smanager: Remove unused imports
Matthew Wild <mwild1@gmail.com>
parents:
5447
diff
changeset
|
13 = tostring, pairs, setmetatable; |
| 148 | 14 |
| 15 local logger_init = require "util.logger".init; | |
| 16 | |
| 17 local log = logger_init("s2smanager"); | |
| 18 | |
|
3476
193bb0936a4e
s2smanager: Fire s2s{in,out}-established when new s2s connections are ready
Matthew Wild <mwild1@gmail.com>
parents:
3459
diff
changeset
|
19 local prosody = _G.prosody; |
|
8675
d3d74e923e4e
s2smanager: Explicitly export the incoming_s2s table [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8555
diff
changeset
|
20 local incoming_s2s = {}; |
|
d3d74e923e4e
s2smanager: Explicitly export the incoming_s2s table [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8555
diff
changeset
|
21 _G.incoming_s2s = incoming_s2s; |
|
3476
193bb0936a4e
s2smanager: Fire s2s{in,out}-established when new s2s connections are ready
Matthew Wild <mwild1@gmail.com>
parents:
3459
diff
changeset
|
22 prosody.incoming_s2s = incoming_s2s; |
|
5349
0d11e393201f
s2smanager: Use unused local, reduce table indexing
Kim Alvefur <zash@zash.se>
parents:
5306
diff
changeset
|
23 local fire_event = prosody.events.fire_event; |
|
621
cd2cab5400fc
Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents:
615
diff
changeset
|
24 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6692
diff
changeset
|
25 local _ENV = nil; |
|
8555
4f0f5b49bb03
vairious: Add annotation when an empty environment is set [luacheck]
Kim Alvefur <zash@zash.se>
parents:
7950
diff
changeset
|
26 -- luacheck: std none |
| 148 | 27 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6692
diff
changeset
|
28 local function new_incoming(conn) |
|
621
cd2cab5400fc
Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents:
615
diff
changeset
|
29 local session = { conn = conn, type = "s2sin_unauthed", direction = "incoming", hosts = {} }; |
|
5306
10bc0e2aa55e
s2smanager: Generate session names used for logging the same way everywhere
Kim Alvefur <zash@zash.se>
parents:
5105
diff
changeset
|
30 session.log = logger_init("s2sin"..tostring(session):match("[a-f0-9]+$")); |
|
621
cd2cab5400fc
Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents:
615
diff
changeset
|
31 incoming_s2s[session] = true; |
| 148 | 32 return session; |
| 33 end | |
| 34 | |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6692
diff
changeset
|
35 local function new_outgoing(from_host, to_host) |
|
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
4461
diff
changeset
|
36 local host_session = { to_host = to_host, from_host = from_host, host = from_host, |
|
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
4461
diff
changeset
|
37 notopen = true, type = "s2sout_unauthed", direction = "outgoing" }; |
|
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
4461
diff
changeset
|
38 hosts[from_host].s2sout[to_host] = host_session; |
|
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
4461
diff
changeset
|
39 local conn_name = "s2sout"..tostring(host_session):match("[a-f0-9]*$"); |
|
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
4461
diff
changeset
|
40 host_session.log = logger_init(conn_name); |
|
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
4461
diff
changeset
|
41 return host_session; |
| 148 | 42 end |
| 43 | |
|
2746
3b9547fc0bed
sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents:
2714
diff
changeset
|
44 local resting_session = { -- Resting, not dead |
|
3b9547fc0bed
sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents:
2714
diff
changeset
|
45 destroyed = true; |
|
2915
f47bd0f7e2e6
sessionmanager, s2smanager: Add type of ?2s_destroyed to resting sessions (fixes a logging traceback, thanks Flo)
Matthew Wild <mwild1@gmail.com>
parents:
2892
diff
changeset
|
46 type = "s2s_destroyed"; |
|
2748
85a242cd1bc4
s2smanager: Add open_stream and close methods to resting sessions
Matthew Wild <mwild1@gmail.com>
parents:
2747
diff
changeset
|
47 open_stream = function (session) |
|
85a242cd1bc4
s2smanager: Add open_stream and close methods to resting sessions
Matthew Wild <mwild1@gmail.com>
parents:
2747
diff
changeset
|
48 session.log("debug", "Attempt to open stream on resting session"); |
|
85a242cd1bc4
s2smanager: Add open_stream and close methods to resting sessions
Matthew Wild <mwild1@gmail.com>
parents:
2747
diff
changeset
|
49 end; |
|
85a242cd1bc4
s2smanager: Add open_stream and close methods to resting sessions
Matthew Wild <mwild1@gmail.com>
parents:
2747
diff
changeset
|
50 close = function (session) |
|
85a242cd1bc4
s2smanager: Add open_stream and close methods to resting sessions
Matthew Wild <mwild1@gmail.com>
parents:
2747
diff
changeset
|
51 session.log("debug", "Attempt to close already-closed session"); |
|
85a242cd1bc4
s2smanager: Add open_stream and close methods to resting sessions
Matthew Wild <mwild1@gmail.com>
parents:
2747
diff
changeset
|
52 end; |
|
6663
d3023dd07cb6
portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, usermanager, util.xml: Add luacheck annotations
Matthew Wild <mwild1@gmail.com>
parents:
5776
diff
changeset
|
53 filter = function (type, data) return data; end; --luacheck: ignore 212/type |
|
2746
3b9547fc0bed
sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents:
2714
diff
changeset
|
54 }; resting_session.__index = resting_session; |
|
3b9547fc0bed
sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents:
2714
diff
changeset
|
55 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6692
diff
changeset
|
56 local function retire_session(session, reason) |
|
6663
d3023dd07cb6
portmanager, s2smanager, sessionmanager, stanza_router, storagemanager, usermanager, util.xml: Add luacheck annotations
Matthew Wild <mwild1@gmail.com>
parents:
5776
diff
changeset
|
57 local log = session.log or log; --luacheck: ignore 431/log |
|
2746
3b9547fc0bed
sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents:
2714
diff
changeset
|
58 for k in pairs(session) do |
|
5447
92b88476873a
sessionmanager, s2smanager: Remove open_session tracing
Matthew Wild <mwild1@gmail.com>
parents:
5367
diff
changeset
|
59 if k ~= "log" and k ~= "id" and k ~= "conn" then |
|
2746
3b9547fc0bed
sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents:
2714
diff
changeset
|
60 session[k] = nil; |
|
3b9547fc0bed
sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents:
2714
diff
changeset
|
61 end |
|
3b9547fc0bed
sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents:
2714
diff
changeset
|
62 end |
|
3b9547fc0bed
sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents:
2714
diff
changeset
|
63 |
|
4018
5061c8d41d89
s2smanager: retire_session(): Add a 'reason' parameter
Matthew Wild <mwild1@gmail.com>
parents:
4017
diff
changeset
|
64 session.destruction_reason = reason; |
|
5061c8d41d89
s2smanager: retire_session(): Add a 'reason' parameter
Matthew Wild <mwild1@gmail.com>
parents:
4017
diff
changeset
|
65 |
|
2746
3b9547fc0bed
sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents:
2714
diff
changeset
|
66 function session.send(data) log("debug", "Discarding data sent to resting session: %s", tostring(data)); end |
|
3b9547fc0bed
sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents:
2714
diff
changeset
|
67 function session.data(data) log("debug", "Discarding data received from resting session: %s", tostring(data)); end |
|
7452
d916703d5e18
s2smanager: Include a stub thread on destroyed sessions (thanks Link Mauve)
Kim Alvefur <zash@zash.se>
parents:
6779
diff
changeset
|
68 session.thread = { run = function (_, data) return session.data(data) end }; |
|
6691
c6c996410064
s2smanager: Make sure destroyed sessions have a sends2s method
Kim Alvefur <zash@zash.se>
parents:
5459
diff
changeset
|
69 session.sends2s = session.send; |
|
2746
3b9547fc0bed
sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents:
2714
diff
changeset
|
70 return setmetatable(session, resting_session); |
|
3b9547fc0bed
sessionmanager, s2smanager: Destroyed sessions are now simply resting (not dead) until they are collected - prevents a whole class of tracebacks
Matthew Wild <mwild1@gmail.com>
parents:
2714
diff
changeset
|
71 end |
|
2857
6036c4b75235
sessionmanager, s2smanager: Give sessions dummy data handlers that log when data is received by a destroyed session
Matthew Wild <mwild1@gmail.com>
parents:
2712
diff
changeset
|
72 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6692
diff
changeset
|
73 local function destroy_session(session, reason) |
|
2749
8dc5f3651501
s2smanager: Don't re-destroy destroyed sessions
Matthew Wild <mwild1@gmail.com>
parents:
2748
diff
changeset
|
74 if session.destroyed then return; end |
|
7947
24170d74b00b
core: Split some very long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents:
6779
diff
changeset
|
75 (session.log or log)("debug", "Destroying "..tostring(session.direction) |
|
24170d74b00b
core: Split some very long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents:
6779
diff
changeset
|
76 .." session "..tostring(session.from_host).."->"..tostring(session.to_host) |
|
24170d74b00b
core: Split some very long lines [luacheck]
Kim Alvefur <zash@zash.se>
parents:
6779
diff
changeset
|
77 ..(reason and (": "..reason) or "")); |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5459
diff
changeset
|
78 |
|
164
8dc1faa5b1df
other half of previous commit
Matthew Wild <mwild1@gmail.com>
parents:
162
diff
changeset
|
79 if session.direction == "outgoing" then |
|
260
182f0c895676
Now outgoing s2s sessions are associated with their from_host, fixes #15
Matthew Wild <mwild1@gmail.com>
parents:
259
diff
changeset
|
80 hosts[session.from_host].s2sout[session.to_host] = nil; |
|
4555
3dce04129693
s2smanager, mod_s2s, mod_s2s/s2sout: Split connection handling out of s2smanager into mod_s2s, and further split connection logic for s2sout to a module lib, s2sout.lib.lua
Matthew Wild <mwild1@gmail.com>
parents:
4461
diff
changeset
|
81 session:bounce_sendq(reason); |
|
621
cd2cab5400fc
Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents:
615
diff
changeset
|
82 elseif session.direction == "incoming" then |
|
cd2cab5400fc
Add support for dialback piggy-backing. Fixes #37. Thanks to CShadowRun for helping me test :)
Matthew Wild <mwild1@gmail.com>
parents:
615
diff
changeset
|
83 incoming_s2s[session] = nil; |
|
164
8dc1faa5b1df
other half of previous commit
Matthew Wild <mwild1@gmail.com>
parents:
162
diff
changeset
|
84 end |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5459
diff
changeset
|
85 |
|
3488
4f3fc5f9d944
s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents:
3476
diff
changeset
|
86 local event_data = { session = session, reason = reason }; |
|
4f3fc5f9d944
s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents:
3476
diff
changeset
|
87 if session.type == "s2sout" then |
|
5349
0d11e393201f
s2smanager: Use unused local, reduce table indexing
Kim Alvefur <zash@zash.se>
parents:
5306
diff
changeset
|
88 fire_event("s2sout-destroyed", event_data); |
|
3488
4f3fc5f9d944
s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents:
3476
diff
changeset
|
89 if hosts[session.from_host] then |
|
4f3fc5f9d944
s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents:
3476
diff
changeset
|
90 hosts[session.from_host].events.fire_event("s2sout-destroyed", event_data); |
|
4f3fc5f9d944
s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents:
3476
diff
changeset
|
91 end |
|
3489
1b76d18e8045
s2smanager: Don't fire s2sin-destroyed for sessions that were never fully established (thanks Thomas)
Matthew Wild <mwild1@gmail.com>
parents:
3488
diff
changeset
|
92 elseif session.type == "s2sin" then |
|
5349
0d11e393201f
s2smanager: Use unused local, reduce table indexing
Kim Alvefur <zash@zash.se>
parents:
5306
diff
changeset
|
93 fire_event("s2sin-destroyed", event_data); |
|
3488
4f3fc5f9d944
s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents:
3476
diff
changeset
|
94 if hosts[session.to_host] then |
|
4f3fc5f9d944
s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents:
3476
diff
changeset
|
95 hosts[session.to_host].events.fire_event("s2sin-destroyed", event_data); |
|
4f3fc5f9d944
s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents:
3476
diff
changeset
|
96 end |
|
4f3fc5f9d944
s2smanager: Fire s2s{in,out}-destroyed when s2s connections are destroyed
Matthew Wild <mwild1@gmail.com>
parents:
3476
diff
changeset
|
97 end |
|
5776
bd0ff8ae98a8
Remove all trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
5459
diff
changeset
|
98 |
|
4019
80aa47c009f0
s2smanager: destroy_session(): Pass reason to retire_session() and return true on successful destruction
Matthew Wild <mwild1@gmail.com>
parents:
4018
diff
changeset
|
99 retire_session(session, reason); -- Clean session until it is GC'd |
|
80aa47c009f0
s2smanager: destroy_session(): Pass reason to retire_session() and return true on successful destruction
Matthew Wild <mwild1@gmail.com>
parents:
4018
diff
changeset
|
100 return true; |
|
164
8dc1faa5b1df
other half of previous commit
Matthew Wild <mwild1@gmail.com>
parents:
162
diff
changeset
|
101 end |
|
8dc1faa5b1df
other half of previous commit
Matthew Wild <mwild1@gmail.com>
parents:
162
diff
changeset
|
102 |
|
6779
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6692
diff
changeset
|
103 return { |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6692
diff
changeset
|
104 incoming_s2s = incoming_s2s; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6692
diff
changeset
|
105 new_incoming = new_incoming; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6692
diff
changeset
|
106 new_outgoing = new_outgoing; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6692
diff
changeset
|
107 retire_session = retire_session; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6692
diff
changeset
|
108 destroy_session = destroy_session; |
|
6236668da30a
core.*: Remove use of module() function
Kim Alvefur <zash@zash.se>
parents:
6692
diff
changeset
|
109 }; |
