Software / code / prosody
Annotate
plugins/adhoc/adhoc.lib.lua @ 12181:783056b4e448 0.11 0.11.12
util.xml: Do not allow doctypes, comments or processing instructions
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nontheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Mon, 10 Jan 2022 18:23:54 +0100 |
| parent | 8472:d88dc6827675 |
| child | 10565:421b2f8369fd |
| rev | line source |
|---|---|
|
3230
a5c3a82d677e
mod_adhoc/adhoc.lib: Add copyright header
Matthew Wild <mwild1@gmail.com>
parents:
3229
diff
changeset
|
1 -- Copyright (C) 2009-2010 Florian Zeitz |
|
a5c3a82d677e
mod_adhoc/adhoc.lib: Add copyright header
Matthew Wild <mwild1@gmail.com>
parents:
3229
diff
changeset
|
2 -- |
|
a5c3a82d677e
mod_adhoc/adhoc.lib: Add copyright header
Matthew Wild <mwild1@gmail.com>
parents:
3229
diff
changeset
|
3 -- This file is MIT/X11 licensed. Please see the |
|
a5c3a82d677e
mod_adhoc/adhoc.lib: Add copyright header
Matthew Wild <mwild1@gmail.com>
parents:
3229
diff
changeset
|
4 -- COPYING file in the source package for more information. |
|
a5c3a82d677e
mod_adhoc/adhoc.lib: Add copyright header
Matthew Wild <mwild1@gmail.com>
parents:
3229
diff
changeset
|
5 -- |
|
a5c3a82d677e
mod_adhoc/adhoc.lib: Add copyright header
Matthew Wild <mwild1@gmail.com>
parents:
3229
diff
changeset
|
6 |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
7 local st, uuid = require "util.stanza", require "util.uuid"; |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
8 |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
9 local xmlns_cmd = "http://jabber.org/protocol/commands"; |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
10 |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
11 local states = {} |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
12 |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
13 local _M = {}; |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
14 |
|
4975
6f689c155186
adhoc.lib: Make some globals local
Kim Alvefur <zash@zash.se>
parents:
4860
diff
changeset
|
15 local function _cmdtag(desc, status, sessionid, action) |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
16 local cmd = st.stanza("command", { xmlns = xmlns_cmd, node = desc.node, status = status }); |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
17 if sessionid then cmd.attr.sessionid = sessionid; end |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
18 if action then cmd.attr.action = action; end |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
19 |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
20 return cmd; |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
21 end |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
22 |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
23 function _M.new(name, node, handler, permission) |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
24 return { name = name, node = node, handler = handler, cmdtag = _cmdtag, permission = (permission or "user") }; |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
25 end |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
26 |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
27 function _M.handle_cmd(command, origin, stanza) |
|
8471
a6f58305411e
Backed out changeset 84c117cdd048, broke things
Kim Alvefur <zash@zash.se>
parents:
8459
diff
changeset
|
28 local cmdtag = stanza.tags[1] |
|
a6f58305411e
Backed out changeset 84c117cdd048, broke things
Kim Alvefur <zash@zash.se>
parents:
8459
diff
changeset
|
29 local sessionid = cmdtag.attr.sessionid or uuid.generate(); |
|
7951
2b91da49285a
mod_adhoc/adhoc.lib: instantiate table with all fields
Kim Alvefur <zash@zash.se>
parents:
6302
diff
changeset
|
30 local dataIn = { |
|
2b91da49285a
mod_adhoc/adhoc.lib: instantiate table with all fields
Kim Alvefur <zash@zash.se>
parents:
6302
diff
changeset
|
31 to = stanza.attr.to; |
|
2b91da49285a
mod_adhoc/adhoc.lib: instantiate table with all fields
Kim Alvefur <zash@zash.se>
parents:
6302
diff
changeset
|
32 from = stanza.attr.from; |
|
8471
a6f58305411e
Backed out changeset 84c117cdd048, broke things
Kim Alvefur <zash@zash.se>
parents:
8459
diff
changeset
|
33 action = cmdtag.attr.action or "execute"; |
|
a6f58305411e
Backed out changeset 84c117cdd048, broke things
Kim Alvefur <zash@zash.se>
parents:
8459
diff
changeset
|
34 form = cmdtag:get_child("x", "jabber:x:data"); |
|
7951
2b91da49285a
mod_adhoc/adhoc.lib: instantiate table with all fields
Kim Alvefur <zash@zash.se>
parents:
6302
diff
changeset
|
35 }; |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
36 |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
37 local data, state = command:handler(dataIn, states[sessionid]); |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
38 states[sessionid] = state; |
|
8472
d88dc6827675
adhoc.lib: Rename other variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8471
diff
changeset
|
39 local cmdreply; |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
40 if data.status == "completed" then |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
41 states[sessionid] = nil; |
|
8472
d88dc6827675
adhoc.lib: Rename other variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8471
diff
changeset
|
42 cmdreply = command:cmdtag("completed", sessionid); |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
43 elseif data.status == "canceled" then |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
44 states[sessionid] = nil; |
|
8472
d88dc6827675
adhoc.lib: Rename other variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8471
diff
changeset
|
45 cmdreply = command:cmdtag("canceled", sessionid); |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
46 elseif data.status == "error" then |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
47 states[sessionid] = nil; |
|
5758
ebc074918173
adhoc.lib: Don't build error reply from reply stanza
Kim Alvefur <zash@zash.se>
parents:
5075
diff
changeset
|
48 local reply = st.error_reply(stanza, data.error.type, data.error.condition, data.error.message); |
|
ebc074918173
adhoc.lib: Don't build error reply from reply stanza
Kim Alvefur <zash@zash.se>
parents:
5075
diff
changeset
|
49 origin.send(reply); |
|
3229
0abb73c43bc8
mod_adhoc/adhoc.lib: Handle errors according to XEP
Matthew Wild <mwild1@gmail.com>
parents:
3220
diff
changeset
|
50 return true; |
|
3540
bc139431830b
Monster whitespace commit (beware the whitespace monster).
Waqas Hussain <waqas20@gmail.com>
parents:
3484
diff
changeset
|
51 else |
|
8472
d88dc6827675
adhoc.lib: Rename other variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8471
diff
changeset
|
52 cmdreply = command:cmdtag("executing", sessionid); |
|
4860
b66e73793cb7
adhoc.lib: Default actions to 'complete' (replacement for rev 52b6901cabb0)
Kim Alvefur <zash@zash.se>
parents:
4858
diff
changeset
|
53 data.actions = data.actions or { "complete" }; |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
54 end |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
55 |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
56 for name, content in pairs(data) do |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
57 if name == "info" then |
|
8472
d88dc6827675
adhoc.lib: Rename other variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8471
diff
changeset
|
58 cmdreply:tag("note", {type="info"}):text(content):up(); |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
59 elseif name == "warn" then |
|
8472
d88dc6827675
adhoc.lib: Rename other variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8471
diff
changeset
|
60 cmdreply:tag("note", {type="warn"}):text(content):up(); |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
61 elseif name == "error" then |
|
8472
d88dc6827675
adhoc.lib: Rename other variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8471
diff
changeset
|
62 cmdreply:tag("note", {type="error"}):text(content.message):up(); |
|
5075
4d939d2b1574
mod_adhoc: Add support for specifying a default action
Florian Zeitz <florob@babelmonkeys.de>
parents:
4993
diff
changeset
|
63 elseif name == "actions" then |
|
4d939d2b1574
mod_adhoc: Add support for specifying a default action
Florian Zeitz <florob@babelmonkeys.de>
parents:
4993
diff
changeset
|
64 local actions = st.stanza("actions", { execute = content.default }); |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
65 for _, action in ipairs(content) do |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
66 if (action == "prev") or (action == "next") or (action == "complete") then |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
67 actions:tag(action):up(); |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
68 else |
|
4993
5243b74a4cbb
Hopefully inert commit to clean up logging across a number of modules, removing all cases of concatenation when building log messages
Matthew Wild <mwild1@gmail.com>
parents:
4975
diff
changeset
|
69 module:log("error", "Command %q at node %q provided an invalid action %q", |
|
5243b74a4cbb
Hopefully inert commit to clean up logging across a number of modules, removing all cases of concatenation when building log messages
Matthew Wild <mwild1@gmail.com>
parents:
4975
diff
changeset
|
70 command.name, command.node, action); |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
71 end |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
72 end |
|
8472
d88dc6827675
adhoc.lib: Rename other variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8471
diff
changeset
|
73 cmdreply:add_child(actions); |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
74 elseif name == "form" then |
|
8472
d88dc6827675
adhoc.lib: Rename other variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8471
diff
changeset
|
75 cmdreply:add_child((content.layout or content):form(content.values)); |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
76 elseif name == "result" then |
|
8472
d88dc6827675
adhoc.lib: Rename other variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8471
diff
changeset
|
77 cmdreply:add_child((content.layout or content):form(content.values, "result")); |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
78 elseif name == "other" then |
|
8472
d88dc6827675
adhoc.lib: Rename other variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8471
diff
changeset
|
79 cmdreply:add_child(content); |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
80 end |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
81 end |
|
5758
ebc074918173
adhoc.lib: Don't build error reply from reply stanza
Kim Alvefur <zash@zash.se>
parents:
5075
diff
changeset
|
82 local reply = st.reply(stanza); |
|
8472
d88dc6827675
adhoc.lib: Rename other variable to avoid name clash [luacheck]
Kim Alvefur <zash@zash.se>
parents:
8471
diff
changeset
|
83 reply:add_child(cmdreply); |
|
5758
ebc074918173
adhoc.lib: Don't build error reply from reply stanza
Kim Alvefur <zash@zash.se>
parents:
5075
diff
changeset
|
84 origin.send(reply); |
|
3220
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
85 |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
86 return true; |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
87 end |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
88 |
|
b3772f9bc359
mod_adhoc: Imported from prosody-modules, thanks Florob!
Matthew Wild <mwild1@gmail.com>
parents:
diff
changeset
|
89 return _M; |
