narayana/conversations-classic
3
2
Fork 0
Code Issues 3 Pull requests 2 Actions Packages Projects Releases 4 Wiki Activity

fixed muc mam. added a few security checks

Browse source
This commit is contained in:
Daniel Gultsch 2015-05-15 12:29:45 +02:00
parent eeebebe32a
commit 1b5631c835
2 changed files with 35 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
src/main/java/eu/siacs/conversations/parser/MessageParser.java
View file

@ -181,31 +181,34 @@ public class MessageParser extends AbstractParser implements
final MessagePacket packet; final MessagePacket packet;
Long timestamp = null; Long timestamp = null;
final boolean isForwarded; final boolean isForwarded;
MessageArchiveService.Query query = null;
String serverMsgId = null; String serverMsgId = null;
if (original.fromServer(account)) { final Element fin = original.findChild("fin", "urn:xmpp:mam:0");
if (fin != null) {
mXmppConnectionService.getMessageArchiveService().processFin(fin,original.getFrom());
return;
}
final Element result = original.findChild("result","urn:xmpp:mam:0");
final MessageArchiveService.Query query = result == null ? null : mXmppConnectionService.getMessageArchiveService().findQuery(result.getAttribute("queryid"));
if (query != null && query.validFrom(original.getFrom())) {
Pair<MessagePacket, Long> f = original.getForwardedMessagePacket("result", "urn:xmpp:mam:0");
if (f == null) {
return;
}
timestamp = f.second;
packet = f.first;
isForwarded = true;
serverMsgId = result.getAttribute("id");
query.incrementTotalCount();
} else if (query != null) {
Log.d(Config.LOGTAG,account.getJid().toBareJid()+": received mam result from invalid sender");
return;
} else if (original.fromServer(account)) {
Pair<MessagePacket, Long> f; Pair<MessagePacket, Long> f;
f = original.getForwardedMessagePacket("received", "urn:xmpp:carbons:2"); f = original.getForwardedMessagePacket("received", "urn:xmpp:carbons:2");
f = f == null ? original.getForwardedMessagePacket("sent", "urn:xmpp:carbons:2") : f; f = f == null ? original.getForwardedMessagePacket("sent", "urn:xmpp:carbons:2") : f;
f = f == null ? original.getForwardedMessagePacket("result", "urn:xmpp:mam:0") : f;
packet = f != null ? f.first : original; packet = f != null ? f.first : original;
timestamp = f != null ? f.second : null; timestamp = f != null ? f.second : null;
isForwarded = f != null; isForwarded = f != null;
Element fin = original.findChild("fin", "urn:xmpp:mam:0");
if (fin != null) {
mXmppConnectionService.getMessageArchiveService().processFin(fin);
return;
}
final Element result = original.findChild("result","urn:xmpp:mam:0");
if (result != null) {
query = mXmppConnectionService.getMessageArchiveService().findQuery(result.getAttribute("queryid"));
if (query != null) {
query.incrementTotalCount();
}
serverMsgId = result.getAttribute("id");
}
} else { } else {
packet = original; packet = original;
isForwarded = false; isForwarded = false;
@ -216,9 +219,9 @@ public class MessageParser extends AbstractParser implements
final String body = packet.getBody(); final String body = packet.getBody();
final String encrypted = packet.findChildContent("x", "jabber:x:encrypted"); final String encrypted = packet.findChildContent("x", "jabber:x:encrypted");
int status; int status;
final Jid counterpart;
final Jid to = packet.getTo(); final Jid to = packet.getTo();
final Jid from = packet.getFrom(); final Jid from = packet.getFrom();
final Jid counterpart;
final String remoteMsgId = packet.getId(); final String remoteMsgId = packet.getId();
boolean isTypeGroupChat = packet.getType() == MessagePacket.TYPE_GROUPCHAT; boolean isTypeGroupChat = packet.getType() == MessagePacket.TYPE_GROUPCHAT;
boolean properlyAddressed = !to.isBareJid() || account.countPresences() == 1; boolean properlyAddressed = !to.isBareJid() || account.countPresences() == 1;
@ -312,6 +315,7 @@ public class MessageParser extends AbstractParser implements
} else { } else {
message.markUnread(); message.markUnread();
} }
mXmppConnectionService.updateConversationUi();
} }
if (mXmppConnectionService.confirmMessages() && remoteMsgId != null && !isForwarded) { if (mXmppConnectionService.confirmMessages() && remoteMsgId != null && !isForwarded) {
@ -339,8 +343,7 @@ public class MessageParser extends AbstractParser implements
conversation.endOtrIfNeeded(); conversation.endOtrIfNeeded();
} }
if (message.getEncryption() == Message.ENCRYPTION_NONE if (message.getEncryption() == Message.ENCRYPTION_NONE || mXmppConnectionService.saveEncryptedMessages()) {
|| mXmppConnectionService.saveEncryptedMessages()) {
mXmppConnectionService.databaseBackend.createMessage(message); mXmppConnectionService.databaseBackend.createMessage(message);
} }
final HttpConnectionManager manager = this.mXmppConnectionService.getHttpConnectionManager(); final HttpConnectionManager manager = this.mXmppConnectionService.getHttpConnectionManager();
@ -349,8 +352,7 @@ public class MessageParser extends AbstractParser implements
} else if (!message.isRead()) { } else if (!message.isRead()) {
mXmppConnectionService.getNotificationService().push(message); mXmppConnectionService.getNotificationService().push(message);
} }
mXmppConnectionService.updateConversationUi(); } else { //no body
} else {
if (packet.hasChild("subject") && isTypeGroupChat) { if (packet.hasChild("subject") && isTypeGroupChat) {
Conversation conversation = mXmppConnectionService.find(account, from.toBareJid()); Conversation conversation = mXmppConnectionService.find(account, from.toBareJid());
if (conversation != null && conversation.getMode() == Conversation.MODE_MULTI) { if (conversation != null && conversation.getMode() == Conversation.MODE_MULTI) {

12
src/main/java/eu/siacs/conversations/services/MessageArchiveService.java
View file

@ -166,12 +166,12 @@ public class MessageArchiveService implements OnAdvancedStreamFeaturesLoaded {
} }
} }
public void processFin(Element fin) { public void processFin(Element fin, Jid from) {
if (fin == null) { if (fin == null) {
return; return;
} }
Query query = findQuery(fin.getAttribute("queryid")); Query query = findQuery(fin.getAttribute("queryid"));
if (query == null) { if (query == null || !query.validFrom(from)) {
return; return;
} }
boolean complete = fin.getAttributeAsBoolean("complete"); boolean complete = fin.getAttributeAsBoolean("complete");
@ -336,6 +336,14 @@ public class MessageArchiveService implements OnAdvancedStreamFeaturesLoaded {
return this.messageCount; return this.messageCount;
} }
public boolean validFrom(Jid from) {
if (muc()) {
return getWith().equals(from);
} else {
return (from == null) || account.getJid().toBareJid().equals(from.toBareJid());
}
}
@Override @Override
public String toString() { public String toString() {
StringBuilder builder = new StringBuilder(); StringBuilder builder = new StringBuilder();