Changeset

557:c9b3ffb08fe3

Disconnect with stream errors on bad XML, or invalid stream namespace
author Matthew Wild <mwild1@gmail.com>
date Fri, 05 Dec 2008 02:02:57 +0000 (2008-12-05)
parents 556:624367a765cd
children 558:ab3960421356
files core/xmlhandlers.lua net/xmppclient_listener.lua net/xmppserver_listener.lua
diffstat 3 files changed, 36 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/core/xmlhandlers.lua	Fri Dec 05 02:02:40 2008 +0000
+++ b/core/xmlhandlers.lua	Fri Dec 05 02:02:57 2008 +0000
@@ -57,9 +57,11 @@
 		
 		local cb_streamopened = stream_callbacks.streamopened;
 		local cb_streamclosed = stream_callbacks.streamclosed;
-		local cb_error = stream_callbacks.error or function (e) error("XML stream error: "..tostring(e)); end;
+		local cb_error = stream_callbacks.error or function (session, e) error("XML stream error: "..tostring(e)); end;
 		local cb_handlestanza = stream_callbacks.handlestanza;
 		
+		local stream_ns = stream_callbacks.ns;
+		
 		local stanza
 		function xml_handlers:StartElement(name, attr)
 			if stanza and #chardata > 0 then
@@ -89,18 +91,18 @@
 			
 			if not stanza then --if we are not currently inside a stanza
 				if session.notopen then
-					if name == "stream" then
+					if name == "stream" and curr_ns == stream_ns then
 						if cb_streamopened then
 							cb_streamopened(session, attr);
 						end
 					else
 						-- Garbage before stream?
-						cb_error("no-stream");
+						cb_error(session, "no-stream");
 					end
 					return;
 				end
 				if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then
-					cb_error("invalid-top-level-element");
+					cb_error(session, "invalid-top-level-element");
 				end
 				
 				stanza = st.stanza(name, attr);
@@ -127,9 +129,9 @@
 					end
 					return;
 				elseif name == "error" then
-					cb_error("stream-error", stanza);
+					cb_error(session, "stream-error", stanza);
 				else
-					cb_error("parse-error", "unexpected-element-close", name);
+					cb_error(session, "parse-error", "unexpected-element-close", name);
 				end
 			end
 			if stanza and #chardata > 0 then
--- a/net/xmppclient_listener.lua	Fri Dec 05 02:02:40 2008 +0000
+++ b/net/xmppclient_listener.lua	Fri Dec 05 02:02:57 2008 +0000
@@ -36,7 +36,16 @@
 local sm_streamclosed = sessionmanager.streamclosed;
 local st = stanza;
 
-local stream_callbacks = { streamopened = sm_streamopened, streamclosed = sm_streamclosed, handlestanza = core_process_stanza };
+local stream_callbacks = { ns = "http://etherx.jabber.org/streams", streamopened = sm_streamopened, streamclosed = sm_streamclosed, handlestanza = core_process_stanza };
+
+function stream_callbacks.error(session, error, data)
+	if error == "no-stream" then
+		session:close("invalid-namespace");
+	else
+		session.log("debug", "Client XML parse error: %s", tostring(error));
+		session:close("xml-not-well-formed");
+	end
+end
 
 local sessions = {};
 local xmppclient = { default_port = 5222, default_mode = "*a" };
@@ -51,8 +60,11 @@
 		session.notopen = true;
 		
 		function session.data(conn, data)
-			parser:parse(data);
+			local ok, err = parser:parse(data);
+			if ok then return; end
+			session:close("xml-not-well-formed");
 		end
+		
 		return true;
 end
 
--- a/net/xmppserver_listener.lua	Fri Dec 05 02:02:40 2008 +0000
+++ b/net/xmppserver_listener.lua	Fri Dec 05 02:02:57 2008 +0000
@@ -28,7 +28,16 @@
 local s2s_streamclosed = require "core.s2smanager".streamclosed;
 local s2s_destroy_session = require "core.s2smanager".destroy_session;
 local s2s_attempt_connect = require "core.s2smanager".attempt_connection;
-local stream_callbacks = { streamopened = s2s_streamopened, streamclosed = s2s_streamclosed, handlestanza =  core_process_stanza };
+local stream_callbacks = { ns = "http://etherx.jabber.org/streams", streamopened = s2s_streamopened, streamclosed = s2s_streamclosed, handlestanza =  core_process_stanza };
+
+function stream_callbacks.error(session, error, data)
+	if error == "no-stream" then
+		session:close("invalid-namespace");
+	else
+		session.log("debug", "Server-to-server XML parse error: %s", tostring(error));
+		session:close("xml-not-well-formed");
+	end
+end
 
 local connlisteners_register = require "net.connlisteners".register;
 
@@ -53,8 +62,11 @@
 		session.notopen = true;
 		
 		function session.data(conn, data)
-			parser:parse(data);
+			local ok, err = parser:parse(data);
+			if ok then return; end
+			session:close("xml-not-well-formed");
 		end
+		
 		return true;
 end