authorJan Hacker <jan@hacker.ch>2014-08-17 22:22:12 +0200
committerJan Hacker <jan@hacker.ch>2014-08-17 22:22:12 +0200
commite87eb4c40e16efb7b7f244789f63cb139336e3d3 (patch)
tree39db9e8989d59cf13687958c81bcdedfe0a34a9e
parent225312802e8c7fbc904403af119207d782b2f840 (diff)
"/bookmark add foo" crash - fix
A user providing an invalid JID when creating a new bookmark (like 'foo')
would reproducibly crash/segfault profanity, as it insists on checking
string length behind the @ of the JID. However, it could be NULL
if the user accidentally omitted it.
The patch avoids the crash by NULL-checking and prevents
getting there in the first place by checking the argument to "add".
Backtrace of unpatched profanity with above command:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
0x00007fff85699732 in strlen ()
(gdb) bt
 #0  0x00007fff85699732 in strlen ()
 #1  0x00000001000965d2 in xmpp_strdup ()
 #2  0x0000000100095d6d in xmpp_stanza_set_attribute ()
 #3  0x0000000100011c5c in _send_bookmarks ()
 #4  0x00000001000115a8 in _bookmark_add ()
 #5  0x000000010003320d in cmd_bookmark ()
 #6  0x000000010002a0f2 in cmd_execute ()
 #7  0x0000000100003a1d in process_input ()
 #8  0x00000001000037c7 in prof_run ()
 #9  0x0000000100045032 in main ()
(gdb)
-rw-r--r--src/command/commands.c12
-rw-r--r--src/xmpp/bookmark.c4
2 files changed, 11 insertions, 5 deletions
diff --git a/src/command/commands.c b/src/command/commands.c
index be6f4dfb..fdb4017c 100644
--- a/src/command/commands.c
+++ b/src/command/commands.c
@@ -1865,11 +1865,15 @@ cmd_bookmark(gchar **args, struct cmd_help_t help)
         }
 
         if (strcmp(cmd, "add") == 0) {
-            gboolean added = bookmark_add(jid, nick, password, autojoin);
-            if (added) {
-                cons_show("Bookmark added for %s.", jid);
+            if (strchr(jid, '@')==NULL) {
+                cons_show("Can't add bookmark with JID '%s'; should be '%s@domain.tld'", jid, jid);
             } else {
-                cons_show("Bookmark already exists, use /bookmark update to edit.");
+                gboolean added = bookmark_add(jid, nick, password, autojoin);
+                if (added) {
+                    cons_show("Bookmark added for %s.", jid);
+                } else {
+                    cons_show("Bookmark already exists, use /bookmark update to edit.");
+                }
             }
         } else if (strcmp(cmd, "update") == 0) {
             gboolean updated = bookmark_update(jid, nick, password, autojoin);
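Review bot: The new `strchr(jid, '@')==NULL` guard in the "add" branch only proves that an '@' occurs somewhere in the argument, so strings such as `@` or `foo@` still reach bookmark_add() and get stored. Parsing the argument with the same jid_create() that src/xmpp/bookmark.c uses, and rejecting it when the result or its localpart is missing, would validate the structure instead of a single character; whether that parser is already reachable from commands.c is not visible in this hunk. It is also worth a short comment above the check, e.g. `/* a bookmark JID must be room@service; reject bare names before they are stored */`, so the reason for the guard survives later edits. cmd_bookmark begins and ends outside the hunk, so whether jid can be NULL at this point cannot be confirmed from here.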
diff --git a/src/xmpp/bookmark.c b/src/xmpp/bookmark.c
index e23c185c..743baf39 100644
--- a/src/xmpp/bookmark.c
+++ b/src/xmpp/bookmark.c
@@ -422,7 +422,9 @@ _send_bookmarks(void)
         xmpp_stanza_set_attribute(conference, STANZA_ATTR_JID, bookmark->jid);
 
         Jid *jidp = jid_create(bookmark->jid);
-        xmpp_stanza_set_attribute(conference, STANZA_ATTR_NAME, jidp->localpart);
+        if (jidp->localpart != NULL) {
+            xmpp_stanza_set_attribute(conference, STANZA_ATTR_NAME, jidp->localpart);
+        }
         jid_destroy(jidp);
 
         if (bookmark->autojoin) {
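Review bot: The added guard reads `jidp->localpart` without first testing `jidp`, so if jid_create() can return NULL for a string it cannot parse (its body is not shown here), the same NULL dereference remains one step earlier. Changing the condition to `if (jidp != NULL && jidp->localpart != NULL) {` covers both cases, provided jid_destroy() tolerates NULL, which should be checked. This matters beyond the command-line check in commands.c, because the bookmark list walked here presumably also holds entries that came from server-side storage and never passed through `/bookmark add`. _send_bookmarks starts and ends outside the hunk.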