aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2016-04-19 12:18:19 +0200
committerKim Alvefur <zash@zash.se>2016-04-19 12:18:19 +0200
commit354f33a769784adef8297a43150e5131e523697b (patch)
tree89c3d7cf4c3711f22ddc8b2078ea30fba708ef05
parent4de7923fba7776bfcb26965b5c106b84b07b11a3 (diff)
downloadprosody-354f33a769784adef8297a43150e5131e523697b.tar.gz
prosody-354f33a769784adef8297a43150e5131e523697b.zip
mod_bosh: Validate that 'sid' and 'wait' have sane values (fixes #475, also see #343)
-rw-r--r--plugins/mod_bosh.lua17
1 files changed, 14 insertions, 3 deletions
diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua
index f2cfb44a..6ec3ff16 100644
--- a/plugins/mod_bosh.lua
+++ b/plugins/mod_bosh.lua
@@ -244,8 +244,9 @@ function stream_callbacks.streamopened(context, attr)
-- New session request
context.notopen = nil; -- Signals that we accept this opening tag
- -- TODO: Sanity checks here (rid, to, known host, etc.)
local to_host = nameprep(attr.to);
+ local rid = tonumber(attr.rid);
+ local wait = tonumber(attr.wait);
if not to_host then
log("debug", "BOSH client tried to connect to invalid host: %s", tostring(attr.to));
local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
@@ -260,12 +261,22 @@ function stream_callbacks.streamopened(context, attr)
response:send(tostring(close_reply));
return;
end
+ if not rid or (not wait and attr.wait or wait < 0) then
+ log("debug", "BOSH client sent invalid rid or wait attributes: rid=%s, wait=%s", tostring(attr.rid), tostring(attr.wait));
+ local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
+ ["xmlns:stream"] = xmlns_streams, condition = "bad-request" });
+ response:send(tostring(close_reply));
+ return;
+ end
+
+ rid = rid - 1;
+ wait = math_min(wait, bosh_max_wait);
-- New session
sid = new_uuid();
local session = {
- type = "c2s_unauthed", conn = {}, sid = sid, rid = tonumber(attr.rid)-1, host = attr.to,
- bosh_version = attr.ver, bosh_wait = math_min(attr.wait, bosh_max_wait), streamid = sid,
+ type = "c2s_unauthed", conn = {}, sid = sid, rid = rid-1, host = attr.to,
+ bosh_version = attr.ver, bosh_wait = wait, streamid = sid,
bosh_hold = BOSH_DEFAULT_HOLD, bosh_max_inactive = BOSH_DEFAULT_INACTIVITY,
requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream,
close = bosh_close_stream, dispatch_stanza = core_process_stanza, notopen = true,