diff options
| author | Paul Fariello <paul@fariello.eu> | 2020-01-11 22:29:46 +0100 |
|---|---|---|
| committer | Paul Fariello <paul@fariello.eu> | 2020-01-20 14:34:09 +0100 |
| commit | 0dfed1f4c718be4edf2da9571bad447f8047400f (patch) | |
| tree | 5ee14b19e027dce018747b71337ee4517177c2d7 /src/xmpp/omemo.c | |
| parent | 84506cbaebdf14bb95a04245c8651fc402706c73 (diff) | |
| download | profani-tty-0dfed1f4c718be4edf2da9571bad447f8047400f.tar.gz | |
Ignore invalid base64 in OMEMO stanzas
Fixes #1239
Diffstat (limited to 'src/xmpp/omemo.c')
| -rw-r--r-- | src/xmpp/omemo.c | 54 |
1 files changed, 44 insertions, 10 deletions
diff --git a/src/xmpp/omemo.c b/src/xmpp/omemo.c index ba373c4f..231a01d5 100644 --- a/src/xmpp/omemo.c +++ b/src/xmpp/omemo.c @@ -209,7 +209,7 @@ omemo_start_device_session_handle_bundle(xmpp_stanza_t *const stanza, void *cons const char *prekey_id_text = xmpp_stanza_get_attribute(prekey, "preKeyId"); if (!prekey_id_text) { omemo_key_free(key); - goto out; + continue; } key->id = strtoul(prekey_id_text, NULL, 10); @@ -217,12 +217,16 @@ omemo_start_device_session_handle_bundle(xmpp_stanza_t *const stanza, void *cons if (!prekey_text) { omemo_key_free(key); - goto out; + continue; } char *prekey_b64 = xmpp_stanza_get_text(prekey_text); key->data = g_base64_decode(prekey_b64, &key->length); free(prekey_b64); + if (!key->data) { + omemo_key_free(key); + continue; + } key->prekey = TRUE; key->device_id = device_id; @@ -248,6 +252,9 @@ omemo_start_device_session_handle_bundle(xmpp_stanza_t *const stanza, void *cons char *signed_prekey_b64 = xmpp_stanza_get_text(signed_prekey_text); signed_prekey_raw = g_base64_decode(signed_prekey_b64, &signed_prekey_len); free(signed_prekey_b64); + if (!signed_prekey_raw) { + goto out; + } xmpp_stanza_t *signed_prekey_signature = xmpp_stanza_get_child_by_name(bundle, "signedPreKeySignature"); if (!signed_prekey_signature) { @@ -261,6 +268,9 @@ omemo_start_device_session_handle_bundle(xmpp_stanza_t *const stanza, void *cons char *signed_prekey_signature_b64 = xmpp_stanza_get_text(signed_prekey_signature_text); signed_prekey_signature_raw = g_base64_decode(signed_prekey_signature_b64, &signed_prekey_signature_len); free(signed_prekey_signature_b64); + if (!signed_prekey_signature_raw) { + goto out; + } xmpp_stanza_t *identity_key = xmpp_stanza_get_child_by_name(bundle, "identityKey"); if (!identity_key) { @@ -274,6 +284,9 @@ omemo_start_device_session_handle_bundle(xmpp_stanza_t *const stanza, void *cons char *identity_key_b64 = xmpp_stanza_get_text(identity_key_text); unsigned char *identity_key_raw = g_base64_decode(identity_key_b64, &identity_key_len); free(identity_key_b64); + if (!identity_key_raw) { + goto out; + } omemo_start_device_session(from, device_id, prekeys_list, signed_prekey_id, signed_prekey_raw, signed_prekey_len, signed_prekey_signature_raw, @@ -298,6 +311,7 @@ out: char * omemo_receive_message(xmpp_stanza_t *const stanza, gboolean *trusted) { + char *plaintext = NULL; const char *type = xmpp_stanza_get_type(stanza); xmpp_stanza_t *encrypted = xmpp_stanza_get_child_by_ns(stanza, STANZA_NS_OMEMO); @@ -326,17 +340,23 @@ omemo_receive_message(xmpp_stanza_t *const stanza, gboolean *trusted) } size_t iv_len; unsigned char *iv_raw = g_base64_decode(iv_text, &iv_len); + if (!iv_raw) { + goto out; + } xmpp_stanza_t *payload = xmpp_stanza_get_child_by_name(encrypted, "payload"); if (!payload) { - return NULL; + goto out; } char *payload_text = xmpp_stanza_get_text(payload); if (!payload_text) { - return NULL; + goto out; } size_t payload_len; unsigned char *payload_raw = g_base64_decode(payload_text, &payload_len); + if (!payload_raw) { + goto out; + } GList *keys = NULL; xmpp_stanza_t *key_stanza; @@ -359,6 +379,9 @@ omemo_receive_message(xmpp_stanza_t *const stanza, gboolean *trusted) key->data = g_base64_decode(key_text, &key->length); free(key_text); + if (!key->data) { + goto skip; + } key->prekey = g_strcmp0(xmpp_stanza_get_attribute(key_stanza, "prekey"), "true") == 0 || g_strcmp0(xmpp_stanza_get_attribute(key_stanza, "prekey"), "1") == 0; @@ -371,15 +394,26 @@ skip: const char *from = xmpp_stanza_get_from(stanza); - char *plaintext = omemo_on_message_recv(from, sid, iv_raw, iv_len, + plaintext = omemo_on_message_recv(from, sid, iv_raw, iv_len, keys, payload_raw, payload_len, g_strcmp0(type, STANZA_TYPE_GROUPCHAT) == 0, trusted); - g_list_free_full(keys, (GDestroyNotify)omemo_key_free); - g_free(iv_raw); - g_free(payload_raw); - g_free(iv_text); - g_free(payload_text); +out: + if (keys) { + g_list_free_full(keys, (GDestroyNotify)omemo_key_free); + } + if (iv_raw) { + g_free(iv_raw); + } + if (payload_raw) { + g_free(payload_raw); + } + if (payload_raw) { + g_free(iv_text); + } + if (payload_raw) { + g_free(payload_text); + } return plaintext; } |