Mercurial > pidgin
annotate libpurple/tests/test_jabber_caps.c @ 32797:aacfb71133cc
Fix a possible MSN remote crash
Incoming messages with certain characters or character encodings
can cause clients to crash. The fix is for the contents of all
incoming plaintext messages are converted to UTF-8 and validated
before used.
This was reported to us by Fabian Yamaguchi and this patch was written
by Elliott Sales de Andrade (maybe with small, insignificant changes by me)
| author | Mark Doliner <mark@kingant.net> |
|---|---|
| date | Mon, 07 May 2012 03:18:08 +0000 |
| parents | 502b9d2f2d7a |
| children |
| rev | line source |
|---|---|
|
30254
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
1 #include <string.h> |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
2 |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
3 #include "tests.h" |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
4 #include "../xmlnode.h" |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
5 #include "../protocols/jabber/caps.h" |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
6 |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
7 START_TEST(test_parse_invalid) |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
8 { |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
9 xmlnode *query; |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
10 |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
11 fail_unless(NULL == jabber_caps_parse_client_info(NULL)); |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
12 |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
13 /* Something other than a disco#info query */ |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
14 query = xmlnode_new("foo"); |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
15 fail_unless(NULL == jabber_caps_parse_client_info(query)); |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
16 xmlnode_free(query); |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
17 |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
18 query = xmlnode_new("query"); |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
19 fail_unless(NULL == jabber_caps_parse_client_info(query)); |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
20 xmlnode_set_namespace(query, "jabber:iq:last"); |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
21 fail_unless(NULL == jabber_caps_parse_client_info(query)); |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
22 xmlnode_free(query); |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
23 } |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
24 END_TEST |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
25 |
|
30255
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
26 #define assert_caps_calculate_match(hash_func, hash, str) { \ |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
27 xmlnode *query = xmlnode_from_str((str), -1); \ |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
28 JabberCapsClientInfo *info = jabber_caps_parse_client_info(query); \ |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
29 gchar *got_hash = jabber_caps_calculate_hash(info, (hash_func)); \ |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
30 assert_string_equal_free((hash), got_hash); \ |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
31 } |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
32 |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
33 START_TEST(test_calculate_caps) |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
34 { |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
35 assert_caps_calculate_match("sha1", "GNjxthSckUNvAIoCCJFttjl6VL8=", |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
36 "<query xmlns='http://jabber.org/protocol/disco#info' node='http://tkabber.jabber.ru/#GNjxthSckUNvAIoCCJFttjl6VL8='><identity category='client' type='pc' name='Tkabber'/><x xmlns='jabber:x:data' type='result'><field var='FORM_TYPE' type='hidden'><value>urn:xmpp:dataforms:softwareinfo</value></field><field var='software'><value>Tkabber</value></field><field var='software_version'><value> ( 8.5.5 )</value></field><field var='os'><value>ATmega640-16AU</value></field><field var='os_version'><value/></field></x><feature var='games:board'/><feature var='google:mail:notify'/><feature var='http://jabber.org/protocol/activity'/><feature var='http://jabber.org/protocol/bytestreams'/><feature var='http://jabber.org/protocol/chatstates'/><feature var='http://jabber.org/protocol/commands'/><feature var='http://jabber.org/protocol/commands'/><feature var='http://jabber.org/protocol/disco#info'/><feature var='http://jabber.org/protocol/disco#items'/><feature var='http://jabber.org/protocol/feature-neg'/><feature var='http://jabber.org/protocol/geoloc'/><feature var='http://jabber.org/protocol/ibb'/><feature var='http://jabber.org/protocol/iqibb'/><feature var='http://jabber.org/protocol/mood'/><feature var='http://jabber.org/protocol/muc'/><feature var='http://jabber.org/protocol/mute#ancestor'/><feature var='http://jabber.org/protocol/mute#editor'/><feature var='http://jabber.org/protocol/rosterx'/><feature var='http://jabber.org/protocol/si'/><feature var='http://jabber.org/protocol/si/profile/file-transfer'/><feature var='http://jabber.org/protocol/tune'/><feature var='jabber:iq:avatar'/><feature var='jabber:iq:browse'/><feature var='jabber:iq:dtcp'/><feature var='jabber:iq:filexfer'/><feature var='jabber:iq:ibb'/><feature var='jabber:iq:inband'/><feature var='jabber:iq:jidlink'/><feature var='jabber:iq:last'/><feature var='jabber:iq:oob'/><feature var='jabber:iq:privacy'/><feature var='jabber:iq:time'/><feature var='jabber:iq:version'/><feature var='jabber:x:data'/><feature var='jabber:x:event'/><feature var='jabber:x:oob'/><feature var='urn:xmpp:ping'/><feature var='urn:xmpp:receipts'/><feature var='urn:xmpp:time'/></query>"); |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
37 } |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
38 END_TEST |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
39 |
|
30254
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
40 Suite * |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
41 jabber_caps_suite(void) |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
42 { |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
43 Suite *s = suite_create("Jabber Caps Functions"); |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
44 |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
45 TCase *tc = tcase_create("Parsing invalid ndoes"); |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
46 tcase_add_test(tc, test_parse_invalid); |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
47 suite_add_tcase(s, tc); |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
48 |
|
30255
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
49 tc = tcase_create("Calculating from XMLnode"); |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
50 tcase_add_test(tc, test_calculate_caps); |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
51 suite_add_tcase(s, tc); |
|
502b9d2f2d7a
jabber: Don't crash on caps that include an empty <value/> in the Software Information extended info. Fixes #12292
Paul Aurich <paul@darkrain42.org>
parents:
30254
diff
changeset
|
52 |
|
30254
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
53 return s; |
|
6362579b3d2e
jabber: Start adding some caps tests
Paul Aurich <paul@darkrain42.org>
parents:
diff
changeset
|
54 } |