summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTobias Markmann <tm@ayena.de>2018-02-26 16:27:04 (GMT)
committerTobias Markmann <tm@ayena.de>2018-02-26 16:27:04 (GMT)
commit8ede4f21d6b81263b15487509e37e6df4553c18f (patch)
tree890780a61640d2a1fc2c4a2f31142069decd3d7c /Swiften
parentbd4115c0db3d898d7de0944d340a9a2f1de4938c (diff)
downloadswift-8ede4f21d6b81263b15487509e37e6df4553c18f.zip
swift-8ede4f21d6b81263b15487509e37e6df4553c18f.tar.bz2
Ignore invalid vCard avatar update notifications
Test-Information: Tests pass on macOS 10.13.3 with clang-trunk and ASAN. Change-Id: Ice68e93341693349ed5d95dfc062c0a7b07dc673
Diffstat (limited to 'Swiften')
-rw-r--r--Swiften/Avatars/UnitTest/AvatarManagerImplTest.cpp3
-rw-r--r--Swiften/Avatars/VCardUpdateAvatarManager.cpp6
2 files changed, 7 insertions, 2 deletions
diff --git a/Swiften/Avatars/UnitTest/AvatarManagerImplTest.cpp b/Swiften/Avatars/UnitTest/AvatarManagerImplTest.cpp
index 241f375..5a35410 100644
--- a/Swiften/Avatars/UnitTest/AvatarManagerImplTest.cpp
+++ b/Swiften/Avatars/UnitTest/AvatarManagerImplTest.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014-2016 Isode Limited.
+ * Copyright (c) 2014-2018 Isode Limited.
* All rights reserved.
* See the COPYING file for more information.
*/
@@ -91,6 +91,7 @@ class AvatarManagerImplTest : public CppUnit::TestFixture {
/* send new presence to notify of blank avatar */
vcardUpdate = std::make_shared<VCardUpdate>();
+ vcardUpdate->setPhotoHash("da39a3ee5e6b4b0d3255bfef95601890afd80709");
presence = std::make_shared<Presence>();
presence->setTo(ownerJID);
presence->setFrom(personJID);
diff --git a/Swiften/Avatars/VCardUpdateAvatarManager.cpp b/Swiften/Avatars/VCardUpdateAvatarManager.cpp
index 3e8d87b..349af2f 100644
--- a/Swiften/Avatars/VCardUpdateAvatarManager.cpp
+++ b/Swiften/Avatars/VCardUpdateAvatarManager.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010-2016 Isode Limited.
+ * Copyright (c) 2010-2018 Isode Limited.
* All rights reserved.
* See the COPYING file for more information.
*/
@@ -32,6 +32,10 @@ void VCardUpdateAvatarManager::handlePresenceReceived(std::shared_ptr<Presence>
return;
}
JID from = getAvatarJID(presence->getFrom());
+ if (update->getPhotoHash().size() != 40) {
+ SWIFT_LOG(debug) << "Invalid vCard avatar photo hash length. Must be hex-encoded SHA-1, i.e. 40 characters." << std::endl;
+ return;
+ }
if (getAvatarHash(from) == update->getPhotoHash()) {
return;
}