From 7027c01125981f14eb4d117658036e20e0a8bccc Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Fri, 5 Dec 2008 02:02:57 +0000
Subject: Disconnect with stream errors on bad XML, or invalid stream namespace

---
 core/xmlhandlers.lua        | 14 ++++++++------
 net/xmppclient_listener.lua | 16 ++++++++++++++--
 net/xmppserver_listener.lua | 16 ++++++++++++++--
 3 files changed, 36 insertions(+), 10 deletions(-)

diff --git a/core/xmlhandlers.lua b/core/xmlhandlers.lua
index 2872a036..b4dd5479 100644
--- a/core/xmlhandlers.lua
+++ b/core/xmlhandlers.lua
@@ -57,9 +57,11 @@ function init_xmlhandlers(session, stream_callbacks)
 		
 		local cb_streamopened = stream_callbacks.streamopened;
 		local cb_streamclosed = stream_callbacks.streamclosed;
-		local cb_error = stream_callbacks.error or function (e) error("XML stream error: "..tostring(e)); end;
+		local cb_error = stream_callbacks.error or function (session, e) error("XML stream error: "..tostring(e)); end;
 		local cb_handlestanza = stream_callbacks.handlestanza;
 		
+		local stream_ns = stream_callbacks.ns;
+		
 		local stanza
 		function xml_handlers:StartElement(name, attr)
 			if stanza and #chardata > 0 then
@@ -89,18 +91,18 @@ function init_xmlhandlers(session, stream_callbacks)
 			
 			if not stanza then --if we are not currently inside a stanza
 				if session.notopen then
-					if name == "stream" then
+					if name == "stream" and curr_ns == stream_ns then
 						if cb_streamopened then
 							cb_streamopened(session, attr);
 						end
 					else
 						-- Garbage before stream?
-						cb_error("no-stream");
+						cb_error(session, "no-stream");
 					end
 					return;
 				end
 				if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then
-					cb_error("invalid-top-level-element");
+					cb_error(session, "invalid-top-level-element");
 				end
 				
 				stanza = st.stanza(name, attr);
@@ -127,9 +129,9 @@ function init_xmlhandlers(session, stream_callbacks)
 					end
 					return;
 				elseif name == "error" then
-					cb_error("stream-error", stanza);
+					cb_error(session, "stream-error", stanza);
 				else
-					cb_error("parse-error", "unexpected-element-close", name);
+					cb_error(session, "parse-error", "unexpected-element-close", name);
 				end
 			end
 			if stanza and #chardata > 0 then
diff --git a/net/xmppclient_listener.lua b/net/xmppclient_listener.lua
index 470c23d2..33dcef10 100644
--- a/net/xmppclient_listener.lua
+++ b/net/xmppclient_listener.lua
@@ -36,7 +36,16 @@ local sm_streamopened = sessionmanager.streamopened;
 local sm_streamclosed = sessionmanager.streamclosed;
 local st = stanza;
 
-local stream_callbacks = { streamopened = sm_streamopened, streamclosed = sm_streamclosed, handlestanza = core_process_stanza };
+local stream_callbacks = { ns = "http://etherx.jabber.org/streams", streamopened = sm_streamopened, streamclosed = sm_streamclosed, handlestanza = core_process_stanza };
+
+function stream_callbacks.error(session, error, data)
+	if error == "no-stream" then
+		session:close("invalid-namespace");
+	else
+		session.log("debug", "Client XML parse error: %s", tostring(error));
+		session:close("xml-not-well-formed");
+	end
+end
 
 local sessions = {};
 local xmppclient = { default_port = 5222, default_mode = "*a" };
@@ -51,8 +60,11 @@ local function session_reset_stream(session)
 		session.notopen = true;
 		
 		function session.data(conn, data)
-			parser:parse(data);
+			local ok, err = parser:parse(data);
+			if ok then return; end
+			session:close("xml-not-well-formed");
 		end
+		
 		return true;
 end
 
diff --git a/net/xmppserver_listener.lua b/net/xmppserver_listener.lua
index 4b41afbd..bdd3948d 100644
--- a/net/xmppserver_listener.lua
+++ b/net/xmppserver_listener.lua
@@ -28,7 +28,16 @@ local s2s_streamopened = require "core.s2smanager".streamopened;
 local s2s_streamclosed = require "core.s2smanager".streamclosed;
 local s2s_destroy_session = require "core.s2smanager".destroy_session;
 local s2s_attempt_connect = require "core.s2smanager".attempt_connection;
-local stream_callbacks = { streamopened = s2s_streamopened, streamclosed = s2s_streamclosed, handlestanza =  core_process_stanza };
+local stream_callbacks = { ns = "http://etherx.jabber.org/streams", streamopened = s2s_streamopened, streamclosed = s2s_streamclosed, handlestanza =  core_process_stanza };
+
+function stream_callbacks.error(session, error, data)
+	if error == "no-stream" then
+		session:close("invalid-namespace");
+	else
+		session.log("debug", "Server-to-server XML parse error: %s", tostring(error));
+		session:close("xml-not-well-formed");
+	end
+end
 
 local connlisteners_register = require "net.connlisteners".register;
 
@@ -53,8 +62,11 @@ local function session_reset_stream(session)
 		session.notopen = true;
 		
 		function session.data(conn, data)
-			parser:parse(data);
+			local ok, err = parser:parse(data);
+			if ok then return; end
+			session:close("xml-not-well-formed");
 		end
+		
 		return true;
 end
 
-- 
cgit v1.2.3