Mercurial > pidgin
diff libpurple/protocols/jabber/si.c @ 24693:61e0924de04a
Fix up the XMPP User Avatar SHA1 hashing so that we don't mess up the checksum
when bytes in the checksum start with 0 (for example, 430902... would become
4392...). Refs #7734, which has a second patch needing more detailed review.
committer: John Bailey <rekkanoryo@rekkanoryo.org>
author | Paul Aurich <paul@darkrain42.org> |
---|---|
date | Thu, 11 Dec 2008 08:08:02 +0000 |
parents | f10aba5592c6 |
children | e30e9779e7bf 0d7f02640e2b d7cdbee6d9be |
line wrap: on
line diff
--- a/libpurple/protocols/jabber/si.c Thu Dec 11 07:38:20 2008 +0000 +++ b/libpurple/protocols/jabber/si.c Thu Dec 11 08:08:02 2008 +0000 @@ -23,7 +23,6 @@ #include "internal.h" #include "blist.h" -#include "cipher.h" #include "debug.h" #include "ft.h" #include "request.h" @@ -183,9 +182,6 @@ { JabberSIXfer *jsx = xfer->data; JabberBytestreamsStreamhost *streamhost; - char *dstaddr, *p; - int i; - unsigned char hashval[20]; JabberID *dstjid; if(!jsx->streamhosts) { @@ -221,6 +217,7 @@ /* TODO: Deal with zeroconf */ if(dstjid != NULL && streamhost->host && streamhost->port > 0) { + char *dstaddr, *hash; jsx->gpi = purple_proxy_info_new(); purple_proxy_info_set_type(jsx->gpi, PURPLE_PROXY_SOCKS5); purple_proxy_info_set_host(jsx->gpi, streamhost->host); @@ -234,17 +231,13 @@ dstaddr = g_strdup_printf("%s%s@%s/%s%s@%s/%s", jsx->stream_id, dstjid->node, dstjid->domain, dstjid->resource, jsx->js->user->node, jsx->js->user->domain, jsx->js->user->resource); - purple_cipher_digest_region("sha1", (guchar *)dstaddr, strlen(dstaddr), - sizeof(hashval), hashval, NULL); - g_free(dstaddr); - dstaddr = g_malloc(41); - p = dstaddr; - for(i=0; i<20; i++, p+=2) - snprintf(p, 3, "%02x", hashval[i]); + /* Per XEP-0065, the 'host' must be SHA1(SID + from JID + to JID) */ + hash = jabber_calculate_data_sha1sum(dstaddr, strlen(dstaddr)); jsx->connect_data = purple_proxy_connect_socks5(NULL, jsx->gpi, - dstaddr, 0, + hash, 0, jabber_si_bytestreams_connect_cb, xfer); + g_free(hash); g_free(dstaddr); /* When selecting a streamhost, timeout after STREAMHOST_CONNECT_TIMEOUT seconds, otherwise it takes forever */ @@ -361,11 +354,9 @@ { PurpleXfer *xfer = data; JabberSIXfer *jsx = xfer->data; - int i; char buffer[256]; int len; - char *dstaddr, *p; - unsigned char hashval[20]; + char *dstaddr, *hash; const char *host; purple_debug_info("jabber", "in jabber_si_xfer_bytestreams_send_read_again_cb\n"); @@ -421,23 +412,20 @@ jsx->js->user->node, jsx->js->user->domain, jsx->js->user->resource, xfer->who); - purple_cipher_digest_region("sha1", (guchar *)dstaddr, strlen(dstaddr), - sizeof(hashval), hashval, NULL); - g_free(dstaddr); - dstaddr = g_malloc(41); - p = dstaddr; - for(i=0; i<20; i++, p+=2) - snprintf(p, 3, "%02x", hashval[i]); + /* Per XEP-0065, the 'host' must be SHA1(SID + from JID + to JID) */ + hash = jabber_calculate_data_sha1sum(dstaddr, strlen(dstaddr)); - if(jsx->rxqueue[4] != 40 || strncmp(dstaddr, jsx->rxqueue+5, 40) || + if(jsx->rxqueue[4] != 40 || strncmp(hash, jsx->rxqueue+5, 40) || jsx->rxqueue[45] != 0x00 || jsx->rxqueue[46] != 0x00) { purple_debug_error("jabber", "someone connected with the wrong info!\n"); close(source); purple_xfer_cancel_remote(xfer); + g_free(hash); g_free(dstaddr); return; } + g_free(hash); g_free(dstaddr); g_free(jsx->rxqueue);