From 97194f5e5c6ed3c6b4156f7f457d1dbf11f31ec7 Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Fri, 15 May 2015 12:29:45 +0200 Subject: fixed muc mam. added a few security checks --- .../siacs/conversations/parser/MessageParser.java | 48 +++++++++++----------- .../services/MessageArchiveService.java | 12 +++++- 2 files changed, 35 insertions(+), 25 deletions(-) diff --git a/src/main/java/eu/siacs/conversations/parser/MessageParser.java b/src/main/java/eu/siacs/conversations/parser/MessageParser.java index 339aeb7f..d254a863 100644 --- a/src/main/java/eu/siacs/conversations/parser/MessageParser.java +++ b/src/main/java/eu/siacs/conversations/parser/MessageParser.java @@ -181,31 +181,34 @@ public class MessageParser extends AbstractParser implements final MessagePacket packet; Long timestamp = null; final boolean isForwarded; - MessageArchiveService.Query query = null; String serverMsgId = null; - if (original.fromServer(account)) { + final Element fin = original.findChild("fin", "urn:xmpp:mam:0"); + if (fin != null) { + mXmppConnectionService.getMessageArchiveService().processFin(fin,original.getFrom()); + return; + } + final Element result = original.findChild("result","urn:xmpp:mam:0"); + final MessageArchiveService.Query query = result == null ? null : mXmppConnectionService.getMessageArchiveService().findQuery(result.getAttribute("queryid")); + if (query != null && query.validFrom(original.getFrom())) { + Pair f = original.getForwardedMessagePacket("result", "urn:xmpp:mam:0"); + if (f == null) { + return; + } + timestamp = f.second; + packet = f.first; + isForwarded = true; + serverMsgId = result.getAttribute("id"); + query.incrementTotalCount(); + } else if (query != null) { + Log.d(Config.LOGTAG,account.getJid().toBareJid()+": received mam result from invalid sender"); + return; + } else if (original.fromServer(account)) { Pair f; f = original.getForwardedMessagePacket("received", "urn:xmpp:carbons:2"); f = f == null ? original.getForwardedMessagePacket("sent", "urn:xmpp:carbons:2") : f; - f = f == null ? original.getForwardedMessagePacket("result", "urn:xmpp:mam:0") : f; packet = f != null ? f.first : original; timestamp = f != null ? f.second : null; isForwarded = f != null; - - Element fin = original.findChild("fin", "urn:xmpp:mam:0"); - if (fin != null) { - mXmppConnectionService.getMessageArchiveService().processFin(fin); - return; - } - - final Element result = original.findChild("result","urn:xmpp:mam:0"); - if (result != null) { - query = mXmppConnectionService.getMessageArchiveService().findQuery(result.getAttribute("queryid")); - if (query != null) { - query.incrementTotalCount(); - } - serverMsgId = result.getAttribute("id"); - } } else { packet = original; isForwarded = false; @@ -216,9 +219,9 @@ public class MessageParser extends AbstractParser implements final String body = packet.getBody(); final String encrypted = packet.findChildContent("x", "jabber:x:encrypted"); int status; + final Jid counterpart; final Jid to = packet.getTo(); final Jid from = packet.getFrom(); - final Jid counterpart; final String remoteMsgId = packet.getId(); boolean isTypeGroupChat = packet.getType() == MessagePacket.TYPE_GROUPCHAT; boolean properlyAddressed = !to.isBareJid() || account.countPresences() == 1; @@ -312,6 +315,7 @@ public class MessageParser extends AbstractParser implements } else { message.markUnread(); } + mXmppConnectionService.updateConversationUi(); } if (mXmppConnectionService.confirmMessages() && remoteMsgId != null && !isForwarded) { @@ -339,8 +343,7 @@ public class MessageParser extends AbstractParser implements conversation.endOtrIfNeeded(); } - if (message.getEncryption() == Message.ENCRYPTION_NONE - || mXmppConnectionService.saveEncryptedMessages()) { + if (message.getEncryption() == Message.ENCRYPTION_NONE || mXmppConnectionService.saveEncryptedMessages()) { mXmppConnectionService.databaseBackend.createMessage(message); } final HttpConnectionManager manager = this.mXmppConnectionService.getHttpConnectionManager(); @@ -349,8 +352,7 @@ public class MessageParser extends AbstractParser implements } else if (!message.isRead()) { mXmppConnectionService.getNotificationService().push(message); } - mXmppConnectionService.updateConversationUi(); - } else { + } else { //no body if (packet.hasChild("subject") && isTypeGroupChat) { Conversation conversation = mXmppConnectionService.find(account, from.toBareJid()); if (conversation != null && conversation.getMode() == Conversation.MODE_MULTI) { diff --git a/src/main/java/eu/siacs/conversations/services/MessageArchiveService.java b/src/main/java/eu/siacs/conversations/services/MessageArchiveService.java index f97077c4..0bc428c8 100644 --- a/src/main/java/eu/siacs/conversations/services/MessageArchiveService.java +++ b/src/main/java/eu/siacs/conversations/services/MessageArchiveService.java @@ -166,12 +166,12 @@ public class MessageArchiveService implements OnAdvancedStreamFeaturesLoaded { } } - public void processFin(Element fin) { + public void processFin(Element fin, Jid from) { if (fin == null) { return; } Query query = findQuery(fin.getAttribute("queryid")); - if (query == null) { + if (query == null || !query.validFrom(from)) { return; } boolean complete = fin.getAttributeAsBoolean("complete"); @@ -336,6 +336,14 @@ public class MessageArchiveService implements OnAdvancedStreamFeaturesLoaded { return this.messageCount; } + public boolean validFrom(Jid from) { + if (muc()) { + return getWith().equals(from); + } else { + return (from == null) || account.getJid().toBareJid().equals(from.toBareJid()); + } + } + @Override public String toString() { StringBuilder builder = new StringBuilder(); -- cgit v1.2.3