From 637f02f551c03735ffecb301ecca114346faba98 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 19 Apr 2016 12:13:03 +0200 Subject: mod_bosh: Remove unused import --- plugins/mod_bosh.lua | 1 - 1 file changed, 1 deletion(-) diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 032b20a8..99451754 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -13,7 +13,6 @@ local new_xmpp_stream = require "util.xmppstream".new; local sm = require "core.sessionmanager"; local sm_destroy_session = sm.destroy_session; local new_uuid = require "util.uuid".generate; -local fire_event = prosody.events.fire_event; local core_process_stanza = prosody.core_process_stanza; local st = require "util.stanza"; local logger = require "util.logger"; -- cgit v1.2.3 From a98e9745044896cccf3dc686f4b0eb04a3c10f38 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 19 Apr 2016 12:14:07 +0200 Subject: mod_bosh: Return if a response has been sent already (See #343) --- plugins/mod_bosh.lua | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 99451754..ce51ccc5 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -179,6 +179,8 @@ function handle_POST(event) else return true; -- Inform http server we shall reply later end + elseif response.finished then + return; -- A response has been sent already end module:log("warn", "Unable to associate request with a session (incomplete request?)"); return 400; -- cgit v1.2.3 From 4fea560fa7d84d2a6c90540537be72c15d6d300e Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 19 Apr 2016 12:15:20 +0200 Subject: mod_bosh: Log error returned from stream:feed() --- plugins/mod_bosh.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index ce51ccc5..845df61a 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -126,8 +126,9 @@ function handle_POST(event) -- In particular, the streamopened() stream callback is where -- much of the session logic happens, because it's where we first -- get to see the 'sid' of this request. - if not stream:feed(body) then - module:log("warn", "Error parsing BOSH payload") + local ok, err = stream:feed(body); + if not ok then + module:log("warn", "Error parsing BOSH payload; %s", err) return 400; end -- cgit v1.2.3 From 9cf04c820a418a57a8826b018dc1723824635133 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 19 Apr 2016 12:16:17 +0200 Subject: mod_bosh: Return a proper BOSH error response instead of deprecated(?) status code (See #343) --- plugins/mod_bosh.lua | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 845df61a..64d52f91 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -129,7 +129,9 @@ function handle_POST(event) local ok, err = stream:feed(body); if not ok then module:log("warn", "Error parsing BOSH payload; %s", err) - return 400; + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "bad-request" }); + return tostring(close_reply); end -- Stanzas (if any) in the request have now been processed, and @@ -184,7 +186,9 @@ function handle_POST(event) return; -- A response has been sent already end module:log("warn", "Unable to associate request with a session (incomplete request?)"); - return 400; + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "item-not-found" }); + return tostring(close_reply) .. "\n"; end -- cgit v1.2.3 From 4de7923fba7776bfcb26965b5c106b84b07b11a3 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 19 Apr 2016 12:17:00 +0200 Subject: mod_bosh: Validate 'to' host (see #343) --- plugins/mod_bosh.lua | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 64d52f91..f2cfb44a 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -21,6 +21,7 @@ local initialize_filters = require "util.filters".initialize; local math_min = math.min; local xpcall, tostring, type = xpcall, tostring, type; local traceback = debug.traceback; +local nameprep = require "util.encodings".stringprep.nameprep; local xmlns_streams = "http://etherx.jabber.org/streams"; local xmlns_xmpp_streams = "urn:ietf:params:xml:ns:xmpp-streams"; @@ -244,7 +245,14 @@ function stream_callbacks.streamopened(context, attr) context.notopen = nil; -- Signals that we accept this opening tag -- TODO: Sanity checks here (rid, to, known host, etc.) - if not hosts[attr.to] then + local to_host = nameprep(attr.to); + if not to_host then + log("debug", "BOSH client tried to connect to invalid host: %s", tostring(attr.to)); + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" }); + response:send(tostring(close_reply)); + return; + elseif not hosts[to_host] then -- Unknown host log("debug", "BOSH client tried to connect to unknown host: %s", tostring(attr.to)); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", -- cgit v1.2.3 From 354f33a769784adef8297a43150e5131e523697b Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 19 Apr 2016 12:18:19 +0200 Subject: mod_bosh: Validate that 'sid' and 'wait' have sane values (fixes #475, also see #343) --- plugins/mod_bosh.lua | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index f2cfb44a..6ec3ff16 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -244,8 +244,9 @@ function stream_callbacks.streamopened(context, attr) -- New session request context.notopen = nil; -- Signals that we accept this opening tag - -- TODO: Sanity checks here (rid, to, known host, etc.) local to_host = nameprep(attr.to); + local rid = tonumber(attr.rid); + local wait = tonumber(attr.wait); if not to_host then log("debug", "BOSH client tried to connect to invalid host: %s", tostring(attr.to)); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", @@ -260,12 +261,22 @@ function stream_callbacks.streamopened(context, attr) response:send(tostring(close_reply)); return; end + if not rid or (not wait and attr.wait or wait < 0) then + log("debug", "BOSH client sent invalid rid or wait attributes: rid=%s, wait=%s", tostring(attr.rid), tostring(attr.wait)); + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "bad-request" }); + response:send(tostring(close_reply)); + return; + end + + rid = rid - 1; + wait = math_min(wait, bosh_max_wait); -- New session sid = new_uuid(); local session = { - type = "c2s_unauthed", conn = {}, sid = sid, rid = tonumber(attr.rid)-1, host = attr.to, - bosh_version = attr.ver, bosh_wait = math_min(attr.wait, bosh_max_wait), streamid = sid, + type = "c2s_unauthed", conn = {}, sid = sid, rid = rid-1, host = attr.to, + bosh_version = attr.ver, bosh_wait = wait, streamid = sid, bosh_hold = BOSH_DEFAULT_HOLD, bosh_max_inactive = BOSH_DEFAULT_INACTIVITY, requests = { }, send_buffer = {}, reset_stream = bosh_reset_stream, close = bosh_close_stream, dispatch_stanza = core_process_stanza, notopen = true, -- cgit v1.2.3 From 14f2a5d0897685aa497af6d8da15eb4d46d4edd7 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 19 Apr 2016 12:19:15 +0200 Subject: mod_bosh: Return a proper BOSH error response from XML parse error callback (see #343) --- plugins/mod_bosh.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 6ec3ff16..1f928eed 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -412,8 +412,9 @@ function stream_callbacks.error(context, error) log("debug", "Error parsing BOSH request payload; %s", error); if not context.sid then local response = context.response; - response.status_code = 400; - response:send(); + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "bad-request" }); + response:send(tostring(close_reply)); return; end -- cgit v1.2.3 From 75be55d7bd43bb415847f3e871bb81c8699a2967 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 19 Apr 2016 12:33:58 +0200 Subject: mod_bosh: Reject fractional 'wait' (See #343) --- plugins/mod_bosh.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 1f928eed..d317e4b9 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -261,7 +261,7 @@ function stream_callbacks.streamopened(context, attr) response:send(tostring(close_reply)); return; end - if not rid or (not wait and attr.wait or wait < 0) then + if not rid or (not wait and attr.wait or wait < 0 or wait % 1 ~= 0) then log("debug", "BOSH client sent invalid rid or wait attributes: rid=%s, wait=%s", tostring(attr.rid), tostring(attr.wait)); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", ["xmlns:stream"] = xmlns_streams, condition = "bad-request" }); -- cgit v1.2.3