diff options
author | Kim Alvefur <zash@zash.se> | 2016-04-19 12:18:19 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2016-04-19 12:18:19 +0200 |
commit | 354f33a769784adef8297a43150e5131e523697b (patch) | |
tree | 89c3d7cf4c3711f22ddc8b2078ea30fba708ef05 | |
parent | 4de7923fba7776bfcb26965b5c106b84b07b11a3 (diff) | |
download | prosody-354f33a769784adef8297a43150e5131e523697b.tar.gz prosody-354f33a769784adef8297a43150e5131e523697b.zip |
mod_bosh: Validate that 'sid' and 'wait' have sane values (fixes #475, also see #343)
-rw-r--r-- | plugins/mod_bosh.lua | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index f2cfb44a..6ec3ff16 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -244,8 +244,9 @@ function stream_callbacks.streamopened(context, attr) -- New session request context.notopen = nil; -- Signals that we accept this opening tag - -- TODO: Sanity checks here (rid, to, known host, etc.) local to_host = nameprep(attr.to); + local rid = tonumber(attr.rid); + local wait = tonumber(attr.wait); if not to_host then log("debug", "BOSH client tried to connect to invalid host: %s", tostring(attr.to)); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", @@ -260,12 +261,22 @@ function stream_callbacks.streamopened(context, attr) response:send(tostring(close_reply)); return; end + if not rid or (not wait and attr.wait or wait < 0) then + log("debug", "BOSH client sent invalid rid or wait attributes: rid=%s, wait=%s", tostring(attr.rid), tostring(attr.wait)); + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "bad-request" }); + response:send(tostring(close_reply)); + return; + end + + rid = rid - 1; + wait = math_min(wait, bosh_max_wait); -- New session sid = new_uuid(); local session = { - type = "c2s_unauthed", conn = {}, sid = sid, rid = tonumber(attr.rid)-1, host = attr.to, - bosh_version = attr.ver, bosh_wait = math_min(attr.wait, bosh_max_wait), streamid = sid, + type = "c2s_unauthed", conn = {}, sid = sid, rid = rid-1, host = attr.to, + bosh_version = attr.ver, bosh_wait = wait, streamid = sid, bosh_hold = BOSH_DEFAULT_HOLD, bosh_max_inactive = BOSH_DEFAULT_INACTIVITY, requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream, close = bosh_close_stream, dispatch_stanza = core_process_stanza, notopen = true, |