diff options
Diffstat (limited to 'Swiften')
-rw-r--r-- | Swiften/IDN/StringPrep.cpp | 12 | ||||
-rw-r--r-- | Swiften/JID/JID.cpp | 56 | ||||
-rw-r--r-- | Swiften/JID/JID.h | 3 | ||||
-rw-r--r-- | Swiften/JID/UnitTest/JIDTest.cpp | 7 | ||||
-rw-r--r-- | Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp | 13 |
5 files changed, 63 insertions, 28 deletions
diff --git a/Swiften/IDN/StringPrep.cpp b/Swiften/IDN/StringPrep.cpp index 140e130..db09523 100644 --- a/Swiften/IDN/StringPrep.cpp +++ b/Swiften/IDN/StringPrep.cpp @@ -43,11 +43,19 @@ using namespace Swift; namespace Swift { std::string StringPrep::getPrepared(const std::string& s, Profile profile) { - return std::string(vecptr(getStringPrepared< std::string, std::vector<char> >(s, profile))); + std::vector<char> preparedData = getStringPrepared< std::string, std::vector<char> >(s, profile); + if (preparedData.empty()) { + throw std::exception(); + } + return std::string(vecptr(preparedData)); } SafeByteArray StringPrep::getPrepared(const SafeByteArray& s, Profile profile) { - return createSafeByteArray(reinterpret_cast<const char*>(vecptr(getStringPrepared<SafeByteArray, std::vector<char, SafeAllocator<char> > >(s, profile)))); + std::vector<char, SafeAllocator<char> > preparedData = getStringPrepared<SafeByteArray, std::vector<char, SafeAllocator<char> > >(s, profile); + if (preparedData.empty()) { + throw std::exception(); + } + return createSafeByteArray(reinterpret_cast<const char*>(vecptr(preparedData))); } } diff --git a/Swiften/JID/JID.cpp b/Swiften/JID/JID.cpp index 2ebbdd6..653ac6a 100644 --- a/Swiften/JID/JID.cpp +++ b/Swiften/JID/JID.cpp @@ -110,24 +110,25 @@ struct EscapedCharacterFormatter { }; #endif -JID::JID(const char* jid) { +JID::JID(const char* jid) : valid_(true) { initializeFromString(std::string(jid)); } -JID::JID(const std::string& jid) { +JID::JID(const std::string& jid) : valid_(true) { initializeFromString(jid); } -JID::JID(const std::string& node, const std::string& domain) : hasResource_(false) { +JID::JID(const std::string& node, const std::string& domain) : valid_(true), hasResource_(false) { nameprepAndSetComponents(node, domain, ""); } -JID::JID(const std::string& node, const std::string& domain, const std::string& resource) : hasResource_(true) { +JID::JID(const std::string& node, const std::string& domain, const std::string& resource) : valid_(true), hasResource_(true) { nameprepAndSetComponents(node, domain, resource); } void JID::initializeFromString(const std::string& jid) { if (String::beginsWith(jid, '@')) { + valid_ = false; return; } @@ -153,31 +154,40 @@ void JID::initializeFromString(const std::string& jid) { void JID::nameprepAndSetComponents(const std::string& node, const std::string& domain, const std::string& resource) { + try { #ifndef SWIFTEN_CACHE_JID_PREP - node_ = StringPrep::getPrepared(node, StringPrep::NamePrep); - domain_ = StringPrep::getPrepared(domain, StringPrep::XMPPNodePrep); - resource_ = StringPrep::getPrepared(resource, StringPrep::XMPPResourcePrep); + node_ = StringPrep::getPrepared(node, StringPrep::NamePrep); + domain_ = StringPrep::getPrepared(domain, StringPrep::XMPPNodePrep); + resource_ = StringPrep::getPrepared(resource, StringPrep::XMPPResourcePrep); #else - std::pair<PrepCache::iterator, bool> r; + std::pair<PrepCache::iterator, bool> r; - r = nodePrepCache.insert(std::make_pair(node, std::string())); - if (r.second) { - r.first->second = StringPrep::getPrepared(node, StringPrep::NamePrep); - } - node_ = r.first->second; + r = nodePrepCache.insert(std::make_pair(node, std::string())); + if (r.second) { + r.first->second = StringPrep::getPrepared(node, StringPrep::NamePrep); + } + node_ = r.first->second; - r = domainPrepCache.insert(std::make_pair(domain, std::string())); - if (r.second) { - r.first->second = StringPrep::getPrepared(domain, StringPrep::XMPPNodePrep); - } - domain_ = r.first->second; + r = domainPrepCache.insert(std::make_pair(domain, std::string())); + if (r.second) { + r.first->second = StringPrep::getPrepared(domain, StringPrep::XMPPNodePrep); + } + domain_ = r.first->second; + if (domain_.empty()) { + valid_ = false; + return; + } - r = resourcePrepCache.insert(std::make_pair(resource, std::string())); - if (r.second) { - r.first->second = StringPrep::getPrepared(resource, StringPrep::XMPPResourcePrep); - } - resource_ = r.first->second; + r = resourcePrepCache.insert(std::make_pair(resource, std::string())); + if (r.second) { + r.first->second = StringPrep::getPrepared(resource, StringPrep::XMPPResourcePrep); + } + resource_ = r.first->second; #endif + } + catch (const std::exception&) { + valid_ = false; + } } std::string JID::toString() const { diff --git a/Swiften/JID/JID.h b/Swiften/JID/JID.h index 756db98..a4461ba 100644 --- a/Swiften/JID/JID.h +++ b/Swiften/JID/JID.h @@ -72,7 +72,7 @@ namespace Swift { * @return Is a correctly-formatted JID. */ bool isValid() const { - return !domain_.empty(); /* FIXME */ + return valid_; } /** @@ -162,6 +162,7 @@ namespace Swift { void initializeFromString(const std::string&); private: + bool valid_; std::string node_; std::string domain_; bool hasResource_; diff --git a/Swiften/JID/UnitTest/JIDTest.cpp b/Swiften/JID/UnitTest/JIDTest.cpp index 6f7895a..cd21d03 100644 --- a/Swiften/JID/UnitTest/JIDTest.cpp +++ b/Swiften/JID/UnitTest/JIDTest.cpp @@ -23,6 +23,7 @@ class JIDTest : public CppUnit::TestFixture CPPUNIT_TEST(testConstructorWithString_UpperCaseDomain); CPPUNIT_TEST(testConstructorWithString_UpperCaseResource); CPPUNIT_TEST(testConstructorWithString_EmptyNode); + CPPUNIT_TEST(testConstructorWithString_IllegalResource); CPPUNIT_TEST(testConstructorWithStrings); CPPUNIT_TEST(testIsBare); CPPUNIT_TEST(testIsBare_NotBare); @@ -129,6 +130,12 @@ class JIDTest : public CppUnit::TestFixture CPPUNIT_ASSERT(!testling.isValid()); } + void testConstructorWithString_IllegalResource() { + JID testling("foo@bar.com/\xd8\xb1\xd9\x85\xd9\x82\xd9\x87\x20\xd8\xaa\xd8\xb1\xd9\x86\xd8\xb3\x20"); + + CPPUNIT_ASSERT(!testling.isValid()); + } + void testConstructorWithStrings() { JID testling("foo", "bar", "baz"); diff --git a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp index 5fa1f05..20b3d8a 100644 --- a/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp +++ b/Swiften/SASL/SCRAMSHA1ClientAuthenticator.cpp @@ -100,7 +100,11 @@ bool SCRAMSHA1ClientAuthenticator::setChallenge(const boost::optional<ByteArray> } // Compute all the values needed for the server signature - saltedPassword = PBKDF2::encode(StringPrep::getPrepared(getPassword(), StringPrep::SASLPrep), salt, iterations); + try { + saltedPassword = PBKDF2::encode(StringPrep::getPrepared(getPassword(), StringPrep::SASLPrep), salt, iterations); + } + catch (const std::exception&) { + } authMessage = concat(getInitialBareClientMessage(), createByteArray(","), initialServerMessage, createByteArray(","), getFinalMessageWithoutProof()); ByteArray serverKey = HMACSHA1::getResult(saltedPassword, createByteArray("Server Key")); serverSignature = HMACSHA1::getResult(serverKey, authMessage); @@ -147,7 +151,12 @@ std::map<char, std::string> SCRAMSHA1ClientAuthenticator::parseMap(const std::st } ByteArray SCRAMSHA1ClientAuthenticator::getInitialBareClientMessage() const { - std::string authenticationID = StringPrep::getPrepared(getAuthenticationID(), StringPrep::SASLPrep); + std::string authenticationID; + try { + authenticationID = StringPrep::getPrepared(getAuthenticationID(), StringPrep::SASLPrep); + } + catch (const std::exception&) { + } return createByteArray(std::string("n=" + escape(authenticationID) + ",r=" + clientnonce)); } |