Mercurial > pidgin

diff libpurple/protocols/jabber/data.c @ 29630:9f59abd49def

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jabber: Validate the hash on incoming BoB objects (in case the CID is on the form algo+hash@bob.xmpp.org).
author Marcus Lundblad <ml@update.uu.se>
date Mon, 22 Mar 2010 21:34:17 +0000
parents 2b52480439ee
children 1bde873d1b94 f14cbb6a28a7
line wrap: on
line diff
--- a/libpurple/protocols/jabber/data.c	Mon Mar 22 20:15:55 2010 +0000
+++ b/libpurple/protocols/jabber/data.c	Mon Mar 22 21:34:17 2010 +0000
@@ -39,7 +39,7 @@
 	JabberStream *js)
 {
 	JabberData *data = g_new0(JabberData, 1);
-	gchar *checksum = jabber_calculate_data_sha1sum(rawdata, size);
+	gchar *checksum = jabber_calculate_data_hash(rawdata, size, "sha1");
 	gchar cid[256];
 
 	g_snprintf(cid, sizeof(cid), "sha1+%s@bob.xmpp.org", checksum);
@@ -54,6 +54,69 @@
 	return data;
 }
 
+
+static gboolean
+jabber_data_has_valid_hash(const JabberData *data)
+{
+	const gchar *cid = jabber_data_get_cid(data);
+	gchar **cid_parts = g_strsplit(cid, "@", -1);
+	gchar **iter;
+	int num_parts = 0;
+
+	purple_debug_info("jabber", "validating BoB hash %s\n", cid);
+	
+	for (iter = cid_parts; *iter != NULL ; iter++) {
+		num_parts++;
+	}
+
+	if (num_parts == 2 && purple_strequal(cid_parts[1], "bob.xmpp.org")) {
+		gchar **sub_parts = g_strsplit(cid_parts[0], "+", -1);
+
+		num_parts = 0;
+		for (iter = sub_parts ; *iter != NULL ; iter++) {
+			num_parts++;
+		}
+
+		if (num_parts == 2) {
+			const gchar *hash_algo = sub_parts[0];
+			const gchar *hash_value = sub_parts[1];
+			gchar *digest =
+				jabber_calculate_data_hash(jabber_data_get_data(data),
+				    jabber_data_get_size(data), hash_algo);
+
+			purple_debug_info("jabber", "BoB expecting hash: %s\n", digest);
+			
+			if (digest) {
+				gboolean result = purple_strequal(digest, hash_value);
+
+				if (!result) {
+					purple_debug_error("jabber", "invalid BoB hash\n");
+				}
+				g_free(digest);
+				return result;
+			} else {
+				purple_debug_info("jabber", "unknown BoB hash algo\n");
+				return FALSE;
+			}
+		} else {
+			return TRUE;
+		}
+	} else {
+		return TRUE;
+	}
+}
+
+static void
+jabber_data_delete(gpointer cbdata)
+{
+	JabberData *data = cbdata;
+	g_free(data->cid);
+	g_free(data->type);
+	g_free(data->data);
+	g_free(data);
+}
+
+
 JabberData *
 jabber_data_create_from_xml(xmlnode *tag)
 {
@@ -96,18 +159,12 @@
 	data->cid = g_strdup(cid);
 	data->type = g_strdup(type);
 
-	return data;
-}
-
+	if (!jabber_data_has_valid_hash(data)) {
+		jabber_data_delete(data);
+		return NULL;
+	}
 
-static void
-jabber_data_delete(gpointer cbdata)
-{
-	JabberData *data = cbdata;
-	g_free(data->cid);
-	g_free(data->type);
-	g_free(data->data);
-	g_free(data);
+	return data;
 }
 
 const char *
@@ -205,8 +262,12 @@
 			if (!ephemeral) {
 				jabber_data_associate_remote(data);
 			}
-			/* TODO: validate hash */
 			cb(data, alt, userdata);
+		} else {
+			/* could not validate hash when creating data from XML */
+			purple_debug_info("jabber",
+			    "hash validation failed on requested BoB object\n");
+			cb(NULL, alt, userdata);
 		}
 	} else if (item_not_found) {
 		purple_debug_info("jabber",