aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorfiaxh <git@lightrise.org>2020-05-14 13:22:25 +0200
committerfiaxh <git@lightrise.org>2020-05-14 13:22:25 +0200
commit74b511593d4471d28f8e5d13437139e247475b13 (patch)
tree9b4ccb03ce0ff52afc83ff5d7682afbfc3456999
parentcd3a119eff66a9e8cbd48d418c1e02f29dca4b41 (diff)
downloaddino-74b511593d4471d28f8e5d13437139e247475b13.tar.gz
dino-74b511593d4471d28f8e5d13437139e247475b13.zip
Convert '<' back to '&lt;' in factors of the XEP-0115 verification string
-rw-r--r--xmpp-vala/src/module/xep/0115_entitiy_capabilities.vala39
1 files changed, 28 insertions, 11 deletions
diff --git a/xmpp-vala/src/module/xep/0115_entitiy_capabilities.vala b/xmpp-vala/src/module/xep/0115_entitiy_capabilities.vala
index 20279546..4f2dadfb 100644
--- a/xmpp-vala/src/module/xep/0115_entitiy_capabilities.vala
+++ b/xmpp-vala/src/module/xep/0115_entitiy_capabilities.vala
@@ -115,38 +115,46 @@ namespace Xmpp.Xep.EntityCapabilities {
identities.sort(compare_identities);
features.sort();
- string s = "";
+ StringBuilder sb = new StringBuilder();
foreach (ServiceDiscovery.Identity identity in identities) {
- string s_identity = identity.category + "/" + identity.type_ + "//";
- if (identity.name != null) s_identity += identity.name;
- s_identity += "<";
- s += s_identity;
+ sb.append(sanitize(identity.category))
+ .append("/")
+ .append(sanitize(identity.type_))
+ .append("//");
+ if (identity.name != null) {
+ sb.append(sanitize(identity.name));
+ }
+ sb.append("<");
}
foreach (string feature in features) {
- s += feature + "<";
+ sb.append(sanitize(feature))
+ .append("<");
}
data_forms.sort(compare_data_forms);
foreach (DataForms.DataForm data_form in data_forms) {
if (data_form.form_type == null) {
- // If [..] the FORM_TYPE field is not of type "hidden" or the form does not include a FORM_TYPE field, ignore the form but continue processing. (XEP-0115)
+ // If [..] the FORM_TYPE field is not of type "hidden" or the form does not include a FORM_TYPE field, ignore the form but continue processing. (XEP-0115 5.4)
continue;
}
- s += data_form.form_type + "<";
+ sb.append(sanitize(data_form.form_type))
+ .append("<");
data_form.fields.sort(compare_data_fields);
foreach (DataForms.DataForm.Field field in data_form.fields) {
- s += field.var + "<";
+ sb.append(sanitize(field.var))
+ .append("<");
Gee.List<string> values = field.get_values();
values.sort();
foreach (string value in values) {
- s += value + "<";
+ sb.append(sanitize(value))
+ .append("<");
}
}
}
Checksum c = new Checksum(ChecksumType.SHA1);
- c.update(s.data, -1);
+ c.update(sb.str.data, -1);
size_t size = 20;
uint8[] buf = new uint8[size];
c.get_digest(buf, ref size);
@@ -154,6 +162,15 @@ namespace Xmpp.Xep.EntityCapabilities {
return Base64.encode(buf);
}
+ /*
+ * If the four characters '&', 'l', 't', ';' appear consecutively in any of the factors of the verification
+ * string S [...] then that string of characters MUST be treated as literally '&lt;' and MUST NOT be converted to
+ * the character '<', because completing such a conversion would open the protocol to trivial attacks. (XEP-0115 5.1)
+ */
+ private static string sanitize(string s) {
+ return s.replace("<", "&lt;");
+ }
+
private static int compare_identities(ServiceDiscovery.Identity a, ServiceDiscovery.Identity b) {
int category_comp = a.category.collate(b.category);
if (category_comp != 0) return category_comp;