# HG changeset patch
# User Paul Aurich <paul@darkrain42.org>
# Date 1238778940 0
# Node ID 91583903b478b903259df49dba41cdcd9abef874
# Parent  4f14455a86d23382d0bcfeb0c035fede1001629c
Migrate googleinfo:jabber handlers and add some safety checks.

Do not parse STUN servers from anyone, enforce that they must come from our
bare JID (i.e. our server on behalf of us).

diff -r 4f14455a86d2 -r 91583903b478 libpurple/protocols/jabber/google.c
--- a/libpurple/protocols/jabber/google.c	Fri Apr 03 16:45:38 2009 +0000
+++ b/libpurple/protocols/jabber/google.c	Fri Apr 03 17:15:40 2009 +0000
@@ -1160,48 +1160,77 @@
 }
 
 static void
-jabber_google_jingle_info_cb(JabberStream *js, xmlnode *result,
-	gpointer nullus)
-{	
-	if (result) {
-		const xmlnode *query = 
-			xmlnode_get_child_with_namespace(result, "query", 
-				GOOGLE_JINGLE_INFO_NAMESPACE);
+jabber_google_jingle_info_common(JabberStream *js, const char *from,
+                                 JabberIqType type, xmlnode *query)
+{
+	const xmlnode *stun = xmlnode_get_child(query, "stun");
+	gchar *my_bare_jid;
 
-		if (query) {
-			const xmlnode *stun = xmlnode_get_child(query, "stun");
+	/*
+	 * Make sure that random people aren't sending us STUN servers. Per
+	 * http://code.google.com/apis/talk/jep_extensions/jingleinfo.html, these
+	 * stanzas are stamped from our bare JID.
+	 */
+	if (from) {
+		my_bare_jid = g_strdup_printf("%s@%s", js->user->node, js->user->domain);
+		if (!purple_strequal(from, my_bare_jid)) {
+			purple_debug_warning("jabber", "got google:jingleinfo with invalid from (%s)\n",
+			                  from);
+			g_free(my_bare_jid);
+			return;
+		}
 
-			purple_debug_info("jabber", "got google:jingleinfo\n");
-
-			if (stun) {
-				xmlnode *server = xmlnode_get_child(stun, "server");
+		g_free(my_bare_jid);
+	}
 
-				if (server) {
-					const gchar *host = xmlnode_get_attrib(server, "host");
-					const gchar *udp = xmlnode_get_attrib(server, "udp");
+	if (type == JABBER_IQ_ERROR || type == JABBER_IQ_GET)
+		return;
+
+	purple_debug_info("jabber", "got google:jingleinfo\n");
+
+	if (stun) {
+		xmlnode *server = xmlnode_get_child(stun, "server");
 
-					if (host && udp) {
-						int port = atoi(udp);
-						/* if there, would already be an ongoing query, 
-						 cancel it */
-						if (js->stun_query)
-							purple_dnsquery_destroy(js->stun_query);
+		if (server) {
+			const gchar *host = xmlnode_get_attrib(server, "host");
+			const gchar *udp = xmlnode_get_attrib(server, "udp");
 
-						js->stun_query = purple_dnsquery_a(host, port, 
-							jabber_google_stun_lookup_cb, js);
-					}
-				}
+			if (host && udp) {
+				int port = atoi(udp);
+				/* if there, would already be an ongoing query, 
+				 cancel it */
+				if (js->stun_query)
+					purple_dnsquery_destroy(js->stun_query);
+
+				js->stun_query = purple_dnsquery_a(host, port, 
+					jabber_google_stun_lookup_cb, js);
 			}
-			/* should perhaps handle relays later on, or maybe wait until
-			 Google supports a common standard... */
 		}
 	}
+	/* should perhaps handle relays later on, or maybe wait until
+	 Google supports a common standard... */
+}
+
+static void
+jabber_google_jingle_info_cb(JabberStream *js, const char *from,
+                             JabberIqType type, const char *id,
+                             xmlnode *packet, gpointer data)
+{
+	xmlnode *query = xmlnode_get_child_with_namespace(packet, "query",
+			GOOGLE_JINGLE_INFO_NAMESPACE);
+
+	if (query)
+		jabber_google_jingle_info_common(js, from, type, query);
+	else
+		purple_debug_warning("jabber", "Got invalid google:jingleinfo\n");
 }
 
 void
-jabber_google_handle_jingle_info(JabberStream *js, xmlnode *packet)
+jabber_google_handle_jingle_info(JabberStream *js, const char *from,
+                                 JabberIqType type, const char *id,
+                                 xmlnode *child)
 {
-	jabber_google_jingle_info_cb(js, packet, NULL);
+	jabber_google_jingle_info_common(js, from, type, child);
 }
 
 void
diff -r 4f14455a86d2 -r 91583903b478 libpurple/protocols/jabber/google.h
--- a/libpurple/protocols/jabber/google.h	Fri Apr 03 16:45:38 2009 +0000
+++ b/libpurple/protocols/jabber/google.h	Fri Apr 03 17:15:40 2009 +0000
@@ -53,7 +53,9 @@
 gboolean jabber_google_session_initiate(JabberStream *js, const gchar *who, PurpleMediaSessionType type);
 void jabber_google_session_parse(JabberStream *js, xmlnode *node);
 
-void jabber_google_handle_jingle_info(JabberStream *js, xmlnode *packet);
+void jabber_google_handle_jingle_info(JabberStream *js, const char *from,
+                                      JabberIqType type, const char *id,
+                                      xmlnode *child);
 void jabber_google_send_jingle_info(JabberStream *js);
 
 #endif   /* _PURPLE_GOOGLE_H_ */