aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2008-12-05 02:02:57 +0000
committerMatthew Wild <mwild1@gmail.com>2008-12-05 02:02:57 +0000
commit7027c01125981f14eb4d117658036e20e0a8bccc (patch)
tree218b520b881b8cac75c206c8e1b58765066e7fa2
parentd55671436960cebe411a500062319203d7fcdd5e (diff)
downloadprosody-7027c01125981f14eb4d117658036e20e0a8bccc.tar.gz
prosody-7027c01125981f14eb4d117658036e20e0a8bccc.zip
Disconnect with stream errors on bad XML, or invalid stream namespace
-rw-r--r--core/xmlhandlers.lua14
-rw-r--r--net/xmppclient_listener.lua16
-rw-r--r--net/xmppserver_listener.lua16
3 files changed, 36 insertions, 10 deletions
diff --git a/core/xmlhandlers.lua b/core/xmlhandlers.lua
index 2872a036..b4dd5479 100644
--- a/core/xmlhandlers.lua
+++ b/core/xmlhandlers.lua
@@ -57,9 +57,11 @@ function init_xmlhandlers(session, stream_callbacks)
local cb_streamopened = stream_callbacks.streamopened;
local cb_streamclosed = stream_callbacks.streamclosed;
- local cb_error = stream_callbacks.error or function (e) error("XML stream error: "..tostring(e)); end;
+ local cb_error = stream_callbacks.error or function (session, e) error("XML stream error: "..tostring(e)); end;
local cb_handlestanza = stream_callbacks.handlestanza;
+ local stream_ns = stream_callbacks.ns;
+
local stanza
function xml_handlers:StartElement(name, attr)
if stanza and #chardata > 0 then
@@ -89,18 +91,18 @@ function init_xmlhandlers(session, stream_callbacks)
if not stanza then --if we are not currently inside a stanza
if session.notopen then
- if name == "stream" then
+ if name == "stream" and curr_ns == stream_ns then
if cb_streamopened then
cb_streamopened(session, attr);
end
else
-- Garbage before stream?
- cb_error("no-stream");
+ cb_error(session, "no-stream");
end
return;
end
if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then
- cb_error("invalid-top-level-element");
+ cb_error(session, "invalid-top-level-element");
end
stanza = st.stanza(name, attr);
@@ -127,9 +129,9 @@ function init_xmlhandlers(session, stream_callbacks)
end
return;
elseif name == "error" then
- cb_error("stream-error", stanza);
+ cb_error(session, "stream-error", stanza);
else
- cb_error("parse-error", "unexpected-element-close", name);
+ cb_error(session, "parse-error", "unexpected-element-close", name);
end
end
if stanza and #chardata > 0 then
diff --git a/net/xmppclient_listener.lua b/net/xmppclient_listener.lua
index 470c23d2..33dcef10 100644
--- a/net/xmppclient_listener.lua
+++ b/net/xmppclient_listener.lua
@@ -36,7 +36,16 @@ local sm_streamopened = sessionmanager.streamopened;
local sm_streamclosed = sessionmanager.streamclosed;
local st = stanza;
-local stream_callbacks = { streamopened = sm_streamopened, streamclosed = sm_streamclosed, handlestanza = core_process_stanza };
+local stream_callbacks = { ns = "http://etherx.jabber.org/streams", streamopened = sm_streamopened, streamclosed = sm_streamclosed, handlestanza = core_process_stanza };
+
+function stream_callbacks.error(session, error, data)
+ if error == "no-stream" then
+ session:close("invalid-namespace");
+ else
+ session.log("debug", "Client XML parse error: %s", tostring(error));
+ session:close("xml-not-well-formed");
+ end
+end
local sessions = {};
local xmppclient = { default_port = 5222, default_mode = "*a" };
@@ -51,8 +60,11 @@ local function session_reset_stream(session)
session.notopen = true;
function session.data(conn, data)
- parser:parse(data);
+ local ok, err = parser:parse(data);
+ if ok then return; end
+ session:close("xml-not-well-formed");
end
+
return true;
end
diff --git a/net/xmppserver_listener.lua b/net/xmppserver_listener.lua
index 4b41afbd..bdd3948d 100644
--- a/net/xmppserver_listener.lua
+++ b/net/xmppserver_listener.lua
@@ -28,7 +28,16 @@ local s2s_streamopened = require "core.s2smanager".streamopened;
local s2s_streamclosed = require "core.s2smanager".streamclosed;
local s2s_destroy_session = require "core.s2smanager".destroy_session;
local s2s_attempt_connect = require "core.s2smanager".attempt_connection;
-local stream_callbacks = { streamopened = s2s_streamopened, streamclosed = s2s_streamclosed, handlestanza = core_process_stanza };
+local stream_callbacks = { ns = "http://etherx.jabber.org/streams", streamopened = s2s_streamopened, streamclosed = s2s_streamclosed, handlestanza = core_process_stanza };
+
+function stream_callbacks.error(session, error, data)
+ if error == "no-stream" then
+ session:close("invalid-namespace");
+ else
+ session.log("debug", "Server-to-server XML parse error: %s", tostring(error));
+ session:close("xml-not-well-formed");
+ end
+end
local connlisteners_register = require "net.connlisteners".register;
@@ -53,8 +62,11 @@ local function session_reset_stream(session)
session.notopen = true;
function session.data(conn, data)
- parser:parse(data);
+ local ok, err = parser:parse(data);
+ if ok then return; end
+ session:close("xml-not-well-formed");
end
+
return true;
end