From 535e1a979a164f807aa64bf2df2bb36e7015ff17 Mon Sep 17 00:00:00 2001 From: Nick Hudson Date: Mon, 3 Feb 2014 20:46:23 +0000 Subject: Check sender on incoming IQ responses This patch corresponds with the Swiften commit 5f1cb0d768265347bc80862c33f5967f07759b10 whose comment reads Release-Notes: Fixed a bug whereby the sender of an iq wasn't being checked before matching it to a request. Note that since the Swiften change, other modifications have been made to the affected files, and these modifications are not reflected in this patch. Test-information: Code builds. Ran with MLC to make sure things all seem to work OK. Change-Id: Ife96925d4d728bc0fe749d6b5b849fbe4e866315 diff --git a/src/com/isode/stroke/client/CoreClient.java b/src/com/isode/stroke/client/CoreClient.java index 236ed89..524a05a 100644 --- a/src/com/isode/stroke/client/CoreClient.java +++ b/src/com/isode/stroke/client/CoreClient.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2013, Isode Limited, London, England. + * Copyright (c) 2010-2014, Isode Limited, London, England. * All rights reserved. */ /* @@ -154,6 +154,7 @@ public class CoreClient { }); iqRouter_ = new IQRouter(stanzaChannel_); + iqRouter_.setJID(jid); } /*CoreClient::~CoreClient() { diff --git a/src/com/isode/stroke/queries/IQRouter.java b/src/com/isode/stroke/queries/IQRouter.java index bb4dafa..f35cab4 100644 --- a/src/com/isode/stroke/queries/IQRouter.java +++ b/src/com/isode/stroke/queries/IQRouter.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Isode Limited, London, England. + * Copyright (c) 2010-2014, Isode Limited, London, England. * All rights reserved. */ /* @@ -13,6 +13,7 @@ import java.util.Vector; import com.isode.stroke.elements.ErrorPayload; import com.isode.stroke.elements.IQ; import com.isode.stroke.signals.Slot1; +import com.isode.stroke.jid.JID; /** * This class is responsible for routing all IQ stanzas to the handlers. It's @@ -26,6 +27,7 @@ public class IQRouter { private final Vector handlers_ = new Vector(); private final IQChannel channel_; + private JID jid_; public IQRouter(IQChannel channel) { channel_ = channel; @@ -75,4 +77,20 @@ public class IQRouter { sendIQ(IQ.createError(iq.getFrom(), iq.getID(), ErrorPayload.Condition.FeatureNotImplemented, ErrorPayload.Type.Cancel)); } } + + /** + * Sets the JID of this IQ router. + * + * This JID is used by requests to check whether incoming results + * are addressed correctly + * @param jid the JID + */ + public void setJID(final JID jid) { + jid_ = jid; + } + + public JID getJID() { + return jid_; + } + } diff --git a/src/com/isode/stroke/queries/Request.java b/src/com/isode/stroke/queries/Request.java index 6a843a1..50645b4 100644 --- a/src/com/isode/stroke/queries/Request.java +++ b/src/com/isode/stroke/queries/Request.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Isode Limited, London, England. + * Copyright (c) 2010-2014, Isode Limited, London, England. * All rights reserved. */ /* @@ -67,20 +67,41 @@ public abstract class Request implements IQHandler { public boolean handleIQ(IQ iq) { boolean handled = false; if (sent_ && iq.getID().equals(id_)) { - if (iq.getType().equals(IQ.Type.Result)) { - handleResponse(iq.getPayload(payload_), null); - } else { - ErrorPayload errorPayload = iq.getPayload(new ErrorPayload()); - if (errorPayload != null) { - handleResponse(null, errorPayload); - } else { - handleResponse(null, new ErrorPayload(ErrorPayload.Condition.UndefinedCondition)); - } - } - router_.removeHandler(this); - handled = true; - } + if (isCorrectSender(iq.getFrom())) { + + if (iq.getType().equals(IQ.Type.Result)) { + handleResponse(iq.getPayload(payload_), null); + } else { + ErrorPayload errorPayload = iq.getPayload(new ErrorPayload()); + if (errorPayload != null) { + handleResponse(null, errorPayload); + } else { + handleResponse(null, new ErrorPayload(ErrorPayload.Condition.UndefinedCondition)); + } + } + router_.removeHandler(this); + handled = true; + } + } return handled; } + private boolean isCorrectSender(final JID jid) { + if (isAccountJID(receiver_)) { + return isAccountJID(jid); + } + return (jid.compare(receiver_, JID.CompareType.WithResource) == 0); + } + + private boolean isAccountJID(final JID jid) { + // If the router's JID is not set, we don't check anything + if (!router_.getJID().isValid()) { + return true; + } + + return jid.isValid() ? + router_.getJID().compare(jid, JID.CompareType.WithoutResource) == 0 : true; + } + + } \ No newline at end of file -- cgit v0.10.2-6-g49f6