Context Navigation

conference.c @ cb1b973

Last change on this file since cb1b973 was 4543b6bd, checked in by dequis <dx@…>, at 2015-04-04T01:23:59Z

jabber: Fixed null deref when receiving <subject> from oneself

If the from="..." of the message that includes a subject refers to us,
that buddy object won't have an ext_jid set, and passing that to
strchr() results in pain.

This happens with recent versions of an xmpp server called "lets-chat".

Property mode set to 100644

File size: 12.2 KB

Rev	Line
[e35d1a1]	1	/***************************************************************************\
	2	* *
	3	* BitlBee - An IRC to IM gateway *
	4	* Jabber module - Conference rooms *
	5	* *
[0e788f5]	6	* Copyright 2007-2012 Wilmer van der Gaast <wilmer@gaast.net> *
[e35d1a1]	7	* *
	8	* This program is free software; you can redistribute it and/or modify *
	9	* it under the terms of the GNU General Public License as published by *
	10	* the Free Software Foundation; either version 2 of the License, or *
	11	* (at your option) any later version. *
	12	* *
	13	* This program is distributed in the hope that it will be useful, *
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	16	* GNU General Public License for more details. *
	17	* *
	18	* You should have received a copy of the GNU General Public License along *
	19	* with this program; if not, write to the Free Software Foundation, Inc., *
	20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
	21	* *
	22	\***************************************************************************/
	23
	24	#include "jabber.h"
[fc0640e]	25	#include "sha1.h"
[e35d1a1]	26
[5ebff60]	27	static xt_status jabber_chat_join_failed(struct im_connection ic, struct xt_node node, struct xt_node *orig);
[5bd21df]	28
[5ebff60]	29	struct groupchat jabber_chat_join(struct im_connection ic, const char room, const char nick, const char *password)
[e35d1a1]	30	{
	31	struct jabber_chat *jc;
	32	struct xt_node *node;
	33	struct groupchat *c;
	34	char *roomjid;
[5ebff60]	35
	36	roomjid = g_strdup_printf("%s/%s", room, nick);
	37	node = xt_new_node("x", NULL, NULL);
	38	xt_add_attr(node, "xmlns", XMLNS_MUC);
	39	if (password) {
	40	xt_add_child(node, xt_new_node("password", password, NULL));
	41	}
	42	node = jabber_make_packet("presence", NULL, roomjid, node);
	43	jabber_cache_add(ic, node, jabber_chat_join_failed);
	44
	45	if (!jabber_write_packet(ic, node)) {
	46	g_free(roomjid);
[e35d1a1]	47	return NULL;
	48	}
[5ebff60]	49
	50	jc = g_new0(struct jabber_chat, 1);
	51	jc->name = jabber_normalize(room);
	52
	53	if ((jc->me = jabber_buddy_add(ic, roomjid)) == NULL) {
	54	g_free(roomjid);
	55	g_free(jc->name);
	56	g_free(jc);
[e35d1a1]	57	return NULL;
	58	}
[5ebff60]	59
[9c9b37c]	60	/* roomjid isn't normalized yet, and we need an original version
	61	of the nick to send a proper presence update. */
	62	jc->my_full_jid = roomjid;
[5ebff60]	63
	64	c = imcb_chat_new(ic, room);
[e35d1a1]	65	c->data = jc;
[5ebff60]	66
[e35d1a1]	67	return c;
	68	}
	69
[5ebff60]	70	struct groupchat jabber_chat_with(struct im_connection ic, char *who)
[fc0640e]	71	{
	72	struct jabber_data *jd = ic->proto_data;
	73	struct jabber_chat *jc;
	74	struct groupchat *c;
	75	sha1_state_t sum;
	76	double now = gettime();
	77	char uuid, rjid, *cserv;
[5ebff60]	78
	79	sha1_init(&sum);
	80	sha1_append(&sum, (uint8_t *) ic->acc->user, strlen(ic->acc->user));
	81	sha1_append(&sum, (uint8_t *) &now, sizeof(now));
	82	sha1_append(&sum, (uint8_t *) who, strlen(who));
	83	uuid = sha1_random_uuid(&sum);
	84
	85	if (jd->flags & JFLAG_GTALK) {
	86	cserv = g_strdup("groupchat.google.com");
	87	} else {
[fc0640e]	88	/* Guess... */
[5ebff60]	89	cserv = g_strdup_printf("conference.%s", jd->server);
	90	}
	91
	92	rjid = g_strdup_printf("private-chat-%s@%s", uuid, cserv);
	93	g_free(uuid);
	94	g_free(cserv);
	95
	96	c = jabber_chat_join(ic, rjid, jd->username, NULL);
	97	g_free(rjid);
	98	if (c == NULL) {
[fc0640e]	99	return NULL;
[5ebff60]	100	}
	101
[fc0640e]	102	jc = c->data;
[5ebff60]	103	jc->invite = g_strdup(who);
	104
[fc0640e]	105	return c;
	106	}
	107
[5ebff60]	108	static xt_status jabber_chat_join_failed(struct im_connection ic, struct xt_node node, struct xt_node *orig)
[5bd21df]	109	{
	110	struct jabber_error *err;
	111	struct jabber_buddy *bud;
	112	char *room;
[5ebff60]	113
	114	room = xt_find_attr(orig, "to");
	115	bud = jabber_buddy_by_jid(ic, room, 0);
	116	err = jabber_error_parse(xt_find_node(node->children, "error"), XMLNS_STANZA_ERROR);
	117	if (err) {
	118	imcb_error(ic, "Error joining groupchat %s: %s%s%s", room, err->code,
	119	err->text ? ": " : "", err->text ? err->text : "");
	120	jabber_error_free(err);
[5bd21df]	121	}
[5ebff60]	122	if (bud) {
	123	jabber_chat_free(jabber_chat_by_jid(ic, bud->bare_jid));
	124	}
	125
[80e9db9]	126	return XT_HANDLED;
[5bd21df]	127	}
	128
[5ebff60]	129	struct groupchat jabber_chat_by_jid(struct im_connection ic, const char *name)
[5bd21df]	130	{
[5ebff60]	131	char *normalized = jabber_normalize(name);
[aea8b68]	132	GSList *l;
[5bd21df]	133	struct groupchat *ret;
	134	struct jabber_chat *jc;
[5ebff60]	135
	136	for (l = ic->groupchats; l; l = l->next) {
[aea8b68]	137	ret = l->data;
[5bd21df]	138	jc = ret->data;
[5ebff60]	139	if (strcmp(normalized, jc->name) == 0) {
[5bd21df]	140	break;
[5ebff60]	141	}
[5bd21df]	142	}
[5ebff60]	143	g_free(normalized);
	144
[58f5ef7]	145	return l ? ret : NULL;
[5bd21df]	146	}
	147
[5ebff60]	148	void jabber_chat_free(struct groupchat *c)
[9da0bbf]	149	{
	150	struct jabber_chat *jc = c->data;
[5ebff60]	151
	152	jabber_buddy_remove_bare(c->ic, jc->name);
	153
	154	g_free(jc->my_full_jid);
	155	g_free(jc->name);
	156	g_free(jc->invite);
	157	g_free(jc);
	158
	159	imcb_chat_free(c);
[9da0bbf]	160	}
	161
[5ebff60]	162	int jabber_chat_msg(struct groupchat c, char message, int flags)
[43671b9]	163	{
	164	struct im_connection *ic = c->ic;
	165	struct jabber_chat *jc = c->data;
	166	struct xt_node *node;
[5ebff60]	167
[63075d7]	168	jc->flags \|= JCFLAG_MESSAGE_SENT;
[5ebff60]	169
	170	node = xt_new_node("body", message, NULL);
	171	node = jabber_make_packet("message", "groupchat", jc->name, node);
	172
	173	if (!jabber_write_packet(ic, node)) {
	174	xt_free_node(node);
[43671b9]	175	return 0;
	176	}
[5ebff60]	177	xt_free_node(node);
	178
[43671b9]	179	return 1;
	180	}
	181
[5ebff60]	182	int jabber_chat_topic(struct groupchat c, char topic)
[ef5c185]	183	{
	184	struct im_connection *ic = c->ic;
	185	struct jabber_chat *jc = c->data;
	186	struct xt_node *node;
[5ebff60]	187
	188	node = xt_new_node("subject", topic, NULL);
	189	node = jabber_make_packet("message", "groupchat", jc->name, node);
	190
	191	if (!jabber_write_packet(ic, node)) {
	192	xt_free_node(node);
[ef5c185]	193	return 0;
	194	}
[5ebff60]	195	xt_free_node(node);
	196
[ef5c185]	197	return 1;
	198	}
	199
[5ebff60]	200	int jabber_chat_leave(struct groupchat c, const char reason)
[e35d1a1]	201	{
	202	struct im_connection *ic = c->ic;
	203	struct jabber_chat *jc = c->data;
	204	struct xt_node *node;
[5ebff60]	205
	206	node = xt_new_node("x", NULL, NULL);
	207	xt_add_attr(node, "xmlns", XMLNS_MUC);
	208	node = jabber_make_packet("presence", "unavailable", jc->my_full_jid, node);
	209
	210	if (!jabber_write_packet(ic, node)) {
	211	xt_free_node(node);
[e35d1a1]	212	return 0;
	213	}
[5ebff60]	214	xt_free_node(node);
	215
[e35d1a1]	216	return 1;
	217	}
	218
[5ebff60]	219	void jabber_chat_invite(struct groupchat c, char who, char *message)
[c058ff9]	220	{
	221	struct xt_node *node;
	222	struct im_connection *ic = c->ic;
	223	struct jabber_chat *jc = c->data;
	224
[5ebff60]	225	node = xt_new_node("reason", message, NULL);
	226
	227	node = xt_new_node("invite", NULL, node);
	228	xt_add_attr(node, "to", who);
[c058ff9]	229
[5ebff60]	230	node = xt_new_node("x", NULL, node);
	231	xt_add_attr(node, "xmlns", XMLNS_MUC_USER);
[c058ff9]	232
[5ebff60]	233	node = jabber_make_packet("message", NULL, jc->name, node);
[c058ff9]	234
[5ebff60]	235	jabber_write_packet(ic, node);
[c058ff9]	236
[5ebff60]	237	xt_free_node(node);
[c058ff9]	238	}
	239
[e35d1a1]	240	/* Not really the same syntax as the normal pkt_ functions, but this isn't
[0e7ab64]	241	called by the xmltree parser directly and this way I can add some extra
[e35d1a1]	242	parameters so we won't have to repeat too many things done by the caller
	243	already. */
[5ebff60]	244	void jabber_chat_pkt_presence(struct im_connection ic, struct jabber_buddy bud, struct xt_node *node)
[e35d1a1]	245	{
	246	struct groupchat *chat;
	247	struct xt_node *c;
[5ebff60]	248	char *type = xt_find_attr(node, "type");
[68286eb]	249	struct jabber_data *jd = ic->proto_data;
[e35d1a1]	250	struct jabber_chat *jc;
	251	char *s;
[5ebff60]	252
	253	if ((chat = jabber_chat_by_jid(ic, bud->bare_jid)) == NULL) {
[e35d1a1]	254	/* How could this happen?? We could do kill( self, 11 )
	255	now or just wait for the OS to do it. :-) */
	256	return;
	257	}
[5ebff60]	258
[e35d1a1]	259	jc = chat->data;
[5ebff60]	260
	261	if (type == NULL && !(bud->flags & JBFLAG_IS_CHATROOM)) {
[e35d1a1]	262	bud->flags \|= JBFLAG_IS_CHATROOM;
	263	/* If this one wasn't set yet, this buddy just joined the chat.
	264	Slightly hackish way of finding out eh? ;-) */
[5ebff60]	265
[b9f8b87]	266	/* This is pretty messy... Here it sets ext_jid to the real
	267	JID of the participant. Works for non-anonymized channels.
	268	Might break if someone joins a chat twice, though. */
[5ebff60]	269	for (c = node->children; (c = xt_find_node(c, "x")); c = c->next) {
	270	if ((s = xt_find_attr(c, "xmlns")) &&
	271	(strcmp(s, XMLNS_MUC_USER) == 0)) {
[19176513]	272	struct xt_node *item;
[5ebff60]	273
	274	item = xt_find_node(c->children, "item");
	275	if ((s = xt_find_attr(item, "jid"))) {
[e35d1a1]	276	/* Yay, found what we need. :-) */
[5ebff60]	277	bud->ext_jid = jabber_normalize(s);
[e35d1a1]	278	break;
	279	}
	280	}
[5ebff60]	281	}
	282
[6286f80]	283	/* Make up some other handle, if necessary. */
[5ebff60]	284	if (bud->ext_jid == NULL) {
	285	if (bud == jc->me) {
	286	bud->ext_jid = g_strdup(jd->me);
	287	} else {
[5d7dc00]	288	int i;
[5ebff60]	289
[54f2f55]	290	/* Don't want the nick to be at the end, so let's
	291	think of some slightly different notation to use
	292	for anonymous groupchat participants in BitlBee. */
[5ebff60]	293	bud->ext_jid = g_strdup_printf("%s=%s", bud->resource, bud->bare_jid);
	294
[5d7dc00]	295	/* And strip any unwanted characters. */
[5ebff60]	296	for (i = 0; bud->resource[i]; i++) {
	297	if (bud->ext_jid[i] == '=' \|\| bud->ext_jid[i] == '@') {
[5d7dc00]	298	bud->ext_jid[i] = '_';
[5ebff60]	299	}
	300	}
	301
[85023c6]	302	/* Some program-specific restrictions. */
[5ebff60]	303	imcb_clean_handle(ic, bud->ext_jid);
[5d7dc00]	304	}
[6286f80]	305	bud->flags \|= JBFLAG_IS_ANONYMOUS;
	306	}
[5ebff60]	307
	308	if (bud != jc->me && bud->flags & JBFLAG_IS_ANONYMOUS) {
[e73a501]	309	/* If JIDs are anonymized, add them to the local
	310	list for the duration of this chat. */
[5ebff60]	311	imcb_add_buddy(ic, bud->ext_jid, NULL);
	312	imcb_buddy_nick_hint(ic, bud->ext_jid, bud->resource);
[c570c86]	313	}
[5ebff60]	314
	315	if (bud == jc->me && jc->invite != NULL) {
	316	char *msg = g_strdup_printf("Please join me in room %s", jc->name);
	317	jabber_chat_invite(chat, jc->invite, msg);
	318	g_free(jc->invite);
	319	g_free(msg);
[fc0640e]	320	jc->invite = NULL;
	321	}
[5ebff60]	322
	323	s = strchr(bud->ext_jid, '/');
	324	if (s) {
	325	s = 0; / Should NEVER be NULL, but who knows... */
	326	}
	327	imcb_chat_add_buddy(chat, bud->ext_jid);
	328	if (s) {
	329	*s = '/';
	330	}
	331	} else if (type) { /* type can only be NULL or "unavailable" in this function */
	332	if ((bud->flags & JBFLAG_IS_CHATROOM) && bud->ext_jid) {
	333	s = strchr(bud->ext_jid, '/');
	334	if (s) {
	335	*s = 0;
	336	}
	337	imcb_chat_remove_buddy(chat, bud->ext_jid, NULL);
	338	if (bud != jc->me && bud->flags & JBFLAG_IS_ANONYMOUS) {
	339	imcb_remove_buddy(ic, bud->ext_jid, NULL);
	340	}
	341	if (s) {
	342	*s = '/';
	343	}
	344	}
	345
	346	if (bud == jc->me) {
	347	jabber_chat_free(chat);
[bdad407]	348	}
[e35d1a1]	349	}
	350	}
	351
[5ebff60]	352	void jabber_chat_pkt_message(struct im_connection ic, struct jabber_buddy bud, struct xt_node *node)
[e35d1a1]	353	{
[5ebff60]	354	struct xt_node *subject = xt_find_node(node->children, "subject");
	355	struct xt_node *body = xt_find_node(node->children, "body");
	356	struct groupchat *chat = bud ? jabber_chat_by_jid(ic, bud->bare_jid) : NULL;
[63075d7]	357	struct jabber_chat *jc = chat ? chat->data : NULL;
[e35d1a1]	358	char *s;
[5ebff60]	359
	360	if (subject && chat) {
[4543b6bd]	361	s = (bud && bud->ext_jid) ? strchr(bud->ext_jid, '/') : NULL;
[5ebff60]	362	if (s) {
	363	*s = 0;
	364	}
	365	imcb_chat_topic(chat, bud ? bud->ext_jid : NULL, subject->text_len > 0 ?
	366	subject->text : NULL, jabber_get_timestamp(node));
	367	if (s) {
	368	*s = '/';
	369	}
[41e0c00]	370	}
[5ebff60]	371
	372	if (bud == NULL \|\| (jc && ~jc->flags & JCFLAG_MESSAGE_SENT && bud == jc->me)) {
[a882d6c]	373	char *nick;
[5ebff60]	374
	375	if (body == NULL \|\| body->text_len == 0) {
[a882d6c]	376	/* Meh. Empty messages aren't very interesting, no matter
	377	how much some servers love to send them. */
	378	return;
[5ebff60]	379	}
	380
	381	s = xt_find_attr(node, "from"); /* pkt_message() already NULL-checked this one. */
	382	nick = strchr(s, '/');
	383	if (nick) {
[a882d6c]	384	/* If this message included a resource/nick we don't know,
	385	we might still know the groupchat itself. */
	386	*nick = 0;
[5ebff60]	387	chat = jabber_chat_by_jid(ic, s);
[a882d6c]	388	*nick = '/';
[5ebff60]	389
	390	nick++;
	391	} else {
[a882d6c]	392	/* message.c uses the EXACT_JID option, so bud should
	393	always be NULL here for bare JIDs. */
[5ebff60]	394	chat = jabber_chat_by_jid(ic, s);
[a882d6c]	395	}
[5ebff60]	396
	397	if (nick == NULL) {
[e35d1a1]	398	/* This is fine, the groupchat itself isn't in jd->buddies. */
[5ebff60]	399	if (chat) {
	400	imcb_chat_log(chat, "From conference server: %s", body->text);
	401	} else {
	402	imcb_log(ic, "System message from unknown groupchat %s: %s", s, body->text);
	403	}
	404	} else {
[a882d6c]	405	/* This can happen too, at least when receiving a backlog when
	406	just joining a channel. */
[5ebff60]	407	if (chat) {
	408	imcb_chat_log(chat, "Message from unknown participant %s: %s", nick, body->text);
	409	} else {
	410	imcb_log(ic, "Groupchat message from unknown JID %s: %s", s, body->text);
	411	}
[a882d6c]	412	}
[5ebff60]	413
[e35d1a1]	414	return;
[5ebff60]	415	} else if (chat == NULL) {
[e35d1a1]	416	/* How could this happen?? We could do kill( self, 11 )
	417	now or just wait for the OS to do it. :-) */
	418	return;
	419	}
[5ebff60]	420	if (body && body->text_len > 0) {
[4543b6bd]	421	s = (bud->ext_jid) ? strchr(bud->ext_jid, '/') : NULL;
[5ebff60]	422	if (s) {
	423	*s = 0;
	424	}
	425	imcb_chat_msg(chat, bud->ext_jid, body->text, 0, jabber_get_timestamp(node));
	426	if (s) {
	427	*s = '/';
	428	}
[e35d1a1]	429	}
	430	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: protocols/jabber/conference.c @ cb1b973

Download in other formats: