diff options
author | Tobias Markmann <tm@ayena.de> | 2018-02-26 16:27:04 (GMT) |
---|---|---|
committer | Tobias Markmann <tm@ayena.de> | 2018-02-26 16:27:04 (GMT) |
commit | 8ede4f21d6b81263b15487509e37e6df4553c18f (patch) | |
tree | 890780a61640d2a1fc2c4a2f31142069decd3d7c /Swiften | |
parent | bd4115c0db3d898d7de0944d340a9a2f1de4938c (diff) | |
download | swift-8ede4f21d6b81263b15487509e37e6df4553c18f.zip swift-8ede4f21d6b81263b15487509e37e6df4553c18f.tar.bz2 |
Ignore invalid vCard avatar update notifications
Test-Information:
Tests pass on macOS 10.13.3 with clang-trunk and ASAN.
Change-Id: Ice68e93341693349ed5d95dfc062c0a7b07dc673
Diffstat (limited to 'Swiften')
-rw-r--r-- | Swiften/Avatars/UnitTest/AvatarManagerImplTest.cpp | 3 | ||||
-rw-r--r-- | Swiften/Avatars/VCardUpdateAvatarManager.cpp | 6 |
2 files changed, 7 insertions, 2 deletions
diff --git a/Swiften/Avatars/UnitTest/AvatarManagerImplTest.cpp b/Swiften/Avatars/UnitTest/AvatarManagerImplTest.cpp index 241f375..5a35410 100644 --- a/Swiften/Avatars/UnitTest/AvatarManagerImplTest.cpp +++ b/Swiften/Avatars/UnitTest/AvatarManagerImplTest.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014-2016 Isode Limited. + * Copyright (c) 2014-2018 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ @@ -91,6 +91,7 @@ class AvatarManagerImplTest : public CppUnit::TestFixture { /* send new presence to notify of blank avatar */ vcardUpdate = std::make_shared<VCardUpdate>(); + vcardUpdate->setPhotoHash("da39a3ee5e6b4b0d3255bfef95601890afd80709"); presence = std::make_shared<Presence>(); presence->setTo(ownerJID); presence->setFrom(personJID); diff --git a/Swiften/Avatars/VCardUpdateAvatarManager.cpp b/Swiften/Avatars/VCardUpdateAvatarManager.cpp index 3e8d87b..349af2f 100644 --- a/Swiften/Avatars/VCardUpdateAvatarManager.cpp +++ b/Swiften/Avatars/VCardUpdateAvatarManager.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010-2016 Isode Limited. + * Copyright (c) 2010-2018 Isode Limited. * All rights reserved. * See the COPYING file for more information. */ @@ -32,6 +32,10 @@ void VCardUpdateAvatarManager::handlePresenceReceived(std::shared_ptr<Presence> return; } JID from = getAvatarJID(presence->getFrom()); + if (update->getPhotoHash().size() != 40) { + SWIFT_LOG(debug) << "Invalid vCard avatar photo hash length. Must be hex-encoded SHA-1, i.e. 40 characters." << std::endl; + return; + } if (getAvatarHash(from) == update->getPhotoHash()) { return; } |