From a91cada4fb652b58d162f69c087a6e1d62619ecc Mon Sep 17 00:00:00 2001
From: fiaxh
Date: Wed, 7 Apr 2021 23:39:02 +0200
Subject: [PATCH] Fix segfault on bad certificate with multiple xmpp records
Co-authored-by: Marvin W
---
 xmpp-vala/src/core/direct_tls_xmpp_stream.vala | 8 ++++----
 xmpp-vala/src/core/starttls_xmpp_stream.vala | 8 ++++----
 xmpp-vala/src/core/stream_connect.vala | 5 +++--
 xmpp-vala/src/core/tls_xmpp_stream.vala | 6 ++++++
 4 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/xmpp-vala/src/core/direct_tls_xmpp_stream.vala b/xmpp-vala/src/core/direct_tls_xmpp_stream.vala
index ca38b7bb..93c7e448 100644
--- a/xmpp-vala/src/core/direct_tls_xmpp_stream.vala
+++ b/xmpp-vala/src/core/direct_tls_xmpp_stream.vala
@@ -2,13 +2,13 @@ public class Xmpp.DirectTlsXmppStream : TlsXmppStream {
 string host;
 uint16 port;
- TlsXmppStream.OnInvalidCert on_invalid_cert_outer;
+ TlsXmppStream.OnInvalidCertWrapper on_invalid_cert;
- public DirectTlsXmppStream(Jid remote_name, string host, uint16 port, owned TlsXmppStream.OnInvalidCert on_invalid_cert) {
+ public DirectTlsXmppStream(Jid remote_name, string host, uint16 port, TlsXmppStream.OnInvalidCertWrapper on_invalid_cert) {
 base(remote_name);
 this.host = host;
 this.port = port;
- this.on_invalid_cert_outer = (owned)on_invalid_cert;
+ this.on_invalid_cert = on_invalid_cert;
 }
 public override async void connect() throws IOStreamError {
@@ -21,7 +21,7 @@ public class Xmpp.DirectTlsXmppStream : TlsXmppStream {
 tls_connection.set_advertised_protocols(new string[]{"xmpp-client"});
 #endif
 tls_connection.accept_certificate.connect(on_invalid_certificate);
- tls_connection.accept_certificate.connect((cert, flags) => on_invalid_cert_outer(cert, flags));
+ tls_connection.accept_certificate.connect((cert, flags) => on_invalid_cert.func(cert, flags));
 reset_stream(tls_connection);
 yield setup();
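Review bot: The handler connected with `tls_connection.accept_certificate.connect((cert, flags) => on_invalid_cert.func(cert, flags))` calls through the shared wrapper with no guard, so a missing wrapper or an empty `func` still ends in a null call inside the certificate check, which appears to be the kind of crash this commit is fixing. I would make the handler fail closed, so that an absent callback rejects the certificate instead of crashing: `(cert, flags) => on_invalid_cert != null && on_invalid_cert.func != null && on_invalid_cert.func(cert, flags)`. The same applies to `conn.accept_certificate.connect(...)` in starttls_xmpp_stream.vala. The body of connect() is only partly visible in this hunk.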
diff --git a/xmpp-vala/src/core/starttls_xmpp_stream.vala b/xmpp-vala/src/core/starttls_xmpp_stream.vala
index 1e4f7954..ed5fbdda 100644
--- a/xmpp-vala/src/core/starttls_xmpp_stream.vala
+++ b/xmpp-vala/src/core/starttls_xmpp_stream.vala
@@ -4,13 +4,13 @@ public class Xmpp.StartTlsXmppStream : TlsXmppStream {
 string host;
 uint16 port;
- TlsXmppStream.OnInvalidCert on_invalid_cert_outer;
+ TlsXmppStream.OnInvalidCertWrapper on_invalid_cert;
- public StartTlsXmppStream(Jid remote, string host, uint16 port, owned TlsXmppStream.OnInvalidCert on_invalid_cert) {
+ public StartTlsXmppStream(Jid remote, string host, uint16 port, TlsXmppStream.OnInvalidCertWrapper on_invalid_cert) {
 base(remote);
 this.host = host;
 this.port = port;
- this.on_invalid_cert_outer = (owned)on_invalid_cert;
+ this.on_invalid_cert = on_invalid_cert;
 }
 public override async void connect() throws IOStreamError {
@@ -42,7 +42,7 @@ public class Xmpp.StartTlsXmppStream : TlsXmppStream {
 reset_stream(conn);
 conn.accept_certificate.connect(on_invalid_certificate);
- conn.accept_certificate.connect((cert, flags) => on_invalid_cert_outer(cert, flags));
+ conn.accept_certificate.connect((cert, flags) => on_invalid_cert.func(cert, flags));
 } catch (Error e) {
 stderr.printf("Failed to start TLS: %s\n", e.message);
 }
diff --git a/xmpp-vala/src/core/stream_connect.vala b/xmpp-vala/src/core/stream_connect.vala
index b58563f7..833c5131 100644
--- a/xmpp-vala/src/core/stream_connect.vala
+++ b/xmpp-vala/src/core/stream_connect.vala
@@ -15,6 +15,7 @@ namespace Xmpp {
 public async XmppStreamResult establish_stream(Jid bare_jid, Gee.List modules, string? log_options, owned TlsXmppStream.OnInvalidCert on_invalid_cert) {
 Jid remote = bare_jid.domain_jid;
+ TlsXmppStream.OnInvalidCertWrapper on_invalid_cert_wrapper = new TlsXmppStream.OnInvalidCertWrapper(on_invalid_cert);
 //Lookup xmpp-client and xmpps-client SRV records
 GLib.List? targets = new GLib.List();
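Review bot: `new TlsXmppStream.OnInvalidCertWrapper(on_invalid_cert)` hands the delegate to an `owned` constructor parameter without `(owned)`, although the wrapper itself stores it with `this.func = (owned) func`. Vala cannot copy a delegate, so the wrapper presumably ends up calling a closure whose lifetime is still tied to establish_stream's parameter rather than to the wrapper; if a stream holding the wrapper outlives this call, the certificate callback could run on freed data. The loop further down now passes only `on_invalid_cert_wrapper`, so transferring ownership looks safe: `new TlsXmppStream.OnInvalidCertWrapper((owned) on_invalid_cert)`. establish_stream continues outside the hunk, so confirm that nothing later in it still reads `on_invalid_cert`.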
@@ -58,9 +59,9 @@ namespace Xmpp {
 foreach (SrvTargetInfo target in targets) {
 try {
 if (target.service == "xmpp-client") {
- stream = new StartTlsXmppStream(remote, target.host, target.port, (owned)on_invalid_cert);
+ stream = new StartTlsXmppStream(remote, target.host, target.port, on_invalid_cert_wrapper);
 } else {
- stream = new DirectTlsXmppStream(remote, target.host, target.port, (owned)on_invalid_cert);
+ stream = new DirectTlsXmppStream(remote, target.host, target.port, on_invalid_cert_wrapper);
 }
 stream.log = new XmppLog(bare_jid.to_string(), log_options);
diff --git a/xmpp-vala/src/core/tls_xmpp_stream.vala b/xmpp-vala/src/core/tls_xmpp_stream.vala
index 043c5c70..6a5e935b 100644
--- a/xmpp-vala/src/core/tls_xmpp_stream.vala
+++ b/xmpp-vala/src/core/tls_xmpp_stream.vala
@@ -3,6 +3,12 @@ public abstract class Xmpp.TlsXmppStream : IoXmppStream {
 public TlsCertificateFlags? errors;
 public delegate bool OnInvalidCert(GLib.TlsCertificate peer_cert, GLib.TlsCertificateFlags errors);
+ public class OnInvalidCertWrapper {
+ public OnInvalidCert func;
+ public OnInvalidCertWrapper(owned OnInvalidCert func) {
+ this.func = (owned) func;
+ }
+ }
 protected TlsXmppStream(Jid remote_name) {
 base(remote_name);
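Review bot: `OnInvalidCertWrapper` is added without a comment, and its `func` field is public and writable even though the one instance is shared by every stream built in establish_stream's SRV loop and decides whether an invalid certificate is accepted. I would document both facts: `// Ref-counted holder so several streams can share one OnInvalidCert; delegates themselves cannot be copied.` above the class, and `// Set once in the constructor; must not be reassigned afterwards.` on the field. The rest of TlsXmppStream lies outside the hunk.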