Software /
code /
prosody
Comparison
core/stanza_router.lua @ 6401:e3de64f7c44d
core.stanza_router: Stricter validation of stanzas
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 09 Sep 2014 14:42:10 +0200 |
parent | 5012:d59c842fe38e |
child | 6402:b058486e6a79 |
child | 6558:461217c45a18 |
comparison
equal
deleted
inserted
replaced
6386:f942cf2a9a03 | 6401:e3de64f7c44d |
---|---|
27 end | 27 end |
28 deprecated_warning"core_post_stanza"; | 28 deprecated_warning"core_post_stanza"; |
29 deprecated_warning"core_process_stanza"; | 29 deprecated_warning"core_process_stanza"; |
30 deprecated_warning"core_route_stanza"; | 30 deprecated_warning"core_route_stanza"; |
31 | 31 |
32 local valid_stanzas = { message = true, presence = true, iq = true }; | |
32 local function handle_unhandled_stanza(host, origin, stanza) | 33 local function handle_unhandled_stanza(host, origin, stanza) |
33 local name, xmlns, origin_type = stanza.name, stanza.attr.xmlns or "jabber:client", origin.type; | 34 local name, xmlns, origin_type = stanza.name, stanza.attr.xmlns or "jabber:client", origin.type; |
34 if name == "iq" and xmlns == "jabber:client" then | 35 if xmlns == "jabber:client" and valid_stanzas[name] then |
35 if stanza.attr.type == "get" or stanza.attr.type == "set" then | 36 -- A normal stanza |
37 local st_type = stanza.attr.type; | |
38 if st_type == "error" or (name == "iq" and st_type == "result") then | |
39 log("debug", "Discarding %s from %s of type: %s", name, origin_type, st_type or '<nil>'); | |
40 return; | |
41 end | |
42 if name == "iq" and (st_type == "get" or st_type == "set") and stanza.tags[1] then | |
36 xmlns = stanza.tags[1].attr.xmlns or "jabber:client"; | 43 xmlns = stanza.tags[1].attr.xmlns or "jabber:client"; |
37 log("debug", "Stanza of type %s from %s has xmlns: %s", name, origin_type, xmlns); | 44 end |
38 else | 45 log("debug", "Unhandled %s stanza: %s; xmlns=%s", origin_type, name, xmlns); |
39 log("debug", "Discarding %s from %s of type: %s", name, origin_type, stanza.attr.type); | 46 if origin.send then |
40 return true; | |
41 end | |
42 end | |
43 if stanza.attr.xmlns == nil and origin.send then | |
44 log("debug", "Unhandled %s stanza: %s; xmlns=%s", origin.type, stanza.name, xmlns); -- we didn't handle it | |
45 if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then | |
46 origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); | 47 origin.send(st.error_reply(stanza, "cancel", "service-unavailable")); |
47 end | 48 end |
48 elseif not((name == "features" or name == "error") and xmlns == "http://etherx.jabber.org/streams") then -- FIXME remove check once we handle S2S features | 49 elseif not((name == "features" or name == "error") and xmlns == "http://etherx.jabber.org/streams") then -- FIXME remove check once we handle S2S features |
49 log("warn", "Unhandled %s stream element or stanza: %s; xmlns=%s: %s", origin.type, stanza.name, xmlns, tostring(stanza)); -- we didn't handle it | 50 log("warn", "Unhandled %s stream element or stanza: %s; xmlns=%s: %s", origin_type, name, xmlns, tostring(stanza)); -- we didn't handle it |
50 origin:close("unsupported-stanza-type"); | 51 origin:close("unsupported-stanza-type"); |
51 end | 52 end |
52 end | 53 end |
53 | 54 |
54 local iq_types = { set=true, get=true, result=true, error=true }; | 55 local iq_types = { set=true, get=true, result=true, error=true }; |
55 function core_process_stanza(origin, stanza) | 56 function core_process_stanza(origin, stanza) |
56 (origin.log or log)("debug", "Received[%s]: %s", origin.type, stanza:top_tag()) | 57 (origin.log or log)("debug", "Received[%s]: %s", origin.type, stanza:top_tag()) |
57 | 58 |
58 -- TODO verify validity of stanza (as well as JID validity) | |
59 if stanza.attr.type == "error" and #stanza.tags == 0 then return; end -- TODO invalid stanza, log | |
60 if stanza.name == "iq" then | |
61 if not stanza.attr.id then stanza.attr.id = ""; end -- COMPAT Jabiru doesn't send the id attribute on roster requests | |
62 if not iq_types[stanza.attr.type] or ((stanza.attr.type == "set" or stanza.attr.type == "get") and (#stanza.tags ~= 1)) then | |
63 origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid IQ type or incorrect number of children")); | |
64 return; | |
65 end | |
66 end | |
67 | |
68 if origin.type == "c2s" and not stanza.attr.xmlns then | 59 if origin.type == "c2s" and not stanza.attr.xmlns then |
60 local name, st_type = stanza.name, stanza.attr.type; | |
61 if st_type == "error" and #stanza.tags == 0 then | |
62 return handle_unhandled_stanza(origin.host, origin, stanza); | |
63 end | |
64 if name == "iq" then | |
65 if not stanza.attr.id then stanza.attr.id = ""; end -- COMPAT Jabiru doesn't send the id attribute on roster requests | |
66 if not iq_types[st_type] or (st_type ~= "result" and #stanza.tags ~= 1) then | |
67 origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid IQ type or incorrect number of children")); | |
68 return; | |
69 end | |
70 end | |
71 | |
69 if not origin.full_jid | 72 if not origin.full_jid |
70 and not(stanza.name == "iq" and stanza.attr.type == "set" and stanza.tags[1] and stanza.tags[1].name == "bind" | 73 and not(name == "iq" and st_type == "set" and stanza.tags[1] and stanza.tags[1].name == "bind" |
71 and stanza.tags[1].attr.xmlns == "urn:ietf:params:xml:ns:xmpp-bind") then | 74 and stanza.tags[1].attr.xmlns == "urn:ietf:params:xml:ns:xmpp-bind") then |
72 -- authenticated client isn't bound and current stanza is not a bind request | 75 -- authenticated client isn't bound and current stanza is not a bind request |
73 if stanza.attr.type ~= "result" and stanza.attr.type ~= "error" then | 76 if stanza.attr.type ~= "result" and stanza.attr.type ~= "error" then |
74 origin.send(st.error_reply(stanza, "auth", "not-authorized")); -- FIXME maybe allow stanzas to account or server | 77 origin.send(st.error_reply(stanza, "auth", "not-authorized")); -- FIXME maybe allow stanzas to account or server |
75 end | 78 end |