Fix segfault on bad certificate with multiple xmpp records

Co-authored-by: Marvin W <git@larma.de>
fiaxh 2021-04-07 23:39:02 +02:00
parent 332c772fbe
commit a91cada4fb
4 changed files with 17 additions and 10 deletions


@ -2,13 +2,13 @@ public class Xmpp.DirectTlsXmppStream : TlsXmppStream {
string host; string host;
uint16 port; uint16 port;
TlsXmppStream.OnInvalidCert on_invalid_cert_outer; TlsXmppStream.OnInvalidCertWrapper on_invalid_cert;
public DirectTlsXmppStream(Jid remote_name, string host, uint16 port, owned TlsXmppStream.OnInvalidCert on_invalid_cert) { public DirectTlsXmppStream(Jid remote_name, string host, uint16 port, TlsXmppStream.OnInvalidCertWrapper on_invalid_cert) {
base(remote_name); base(remote_name);
this.host = host; this.host = host;
this.port = port; this.port = port;
this.on_invalid_cert_outer = (owned)on_invalid_cert; this.on_invalid_cert = on_invalid_cert;
} }
public override async void connect() throws IOStreamError { public override async void connect() throws IOStreamError {
@ -21,7 +21,7 @@ public class Xmpp.DirectTlsXmppStream : TlsXmppStream {
tls_connection.set_advertised_protocols(new string[]{"xmpp-client"}); tls_connection.set_advertised_protocols(new string[]{"xmpp-client"});
#endif #endif
tls_connection.accept_certificate.connect(on_invalid_certificate); tls_connection.accept_certificate.connect(on_invalid_certificate);
tls_connection.accept_certificate.connect((cert, flags) => on_invalid_cert_outer(cert, flags)); tls_connection.accept_certificate.connect((cert, flags) => on_invalid_cert.func(cert, flags));
reset_stream(tls_connection); reset_stream(tls_connection);
yield setup(); yield setup();
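Review bot: The lambda connected to `tls_connection.accept_certificate` on the new side is where a certificate that failed validation can still be accepted, and nothing at that line says so. A handler that returns true from GLib's accept-certificate signal lets the handshake proceed despite the reported errors, so the line deserves a comment such as `// Last word on a certificate that failed validation: true from on_invalid_cert.func accepts it anyway`. The same applies to the `conn.accept_certificate.connect(...)` line in StartTlsXmppStream. The lambda also reads an instance field, so it presumably holds a strong reference to the stream for as long as the connection lives; it is worth confirming that this does not form a reference cycle. connect() continues outside both hunks.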


@ -4,13 +4,13 @@ public class Xmpp.StartTlsXmppStream : TlsXmppStream {
string host; string host;
uint16 port; uint16 port;
TlsXmppStream.OnInvalidCert on_invalid_cert_outer; TlsXmppStream.OnInvalidCertWrapper on_invalid_cert;
public StartTlsXmppStream(Jid remote, string host, uint16 port, owned TlsXmppStream.OnInvalidCert on_invalid_cert) { public StartTlsXmppStream(Jid remote, string host, uint16 port, TlsXmppStream.OnInvalidCertWrapper on_invalid_cert) {
base(remote); base(remote);
this.host = host; this.host = host;
this.port = port; this.port = port;
this.on_invalid_cert_outer = (owned)on_invalid_cert; this.on_invalid_cert = on_invalid_cert;
} }
public override async void connect() throws IOStreamError { public override async void connect() throws IOStreamError {
@ -42,7 +42,7 @@ public class Xmpp.StartTlsXmppStream : TlsXmppStream {
reset_stream(conn); reset_stream(conn);
conn.accept_certificate.connect(on_invalid_certificate); conn.accept_certificate.connect(on_invalid_certificate);
conn.accept_certificate.connect((cert, flags) => on_invalid_cert_outer(cert, flags)); conn.accept_certificate.connect((cert, flags) => on_invalid_cert.func(cert, flags));
} catch (Error e) { } catch (Error e) {
stderr.printf("Failed to start TLS: %s\n", e.message); stderr.printf("Failed to start TLS: %s\n", e.message);
} }


@ -15,6 +15,7 @@ namespace Xmpp {
public async XmppStreamResult establish_stream(Jid bare_jid, Gee.List<XmppStreamModule> modules, string? log_options, owned TlsXmppStream.OnInvalidCert on_invalid_cert) { public async XmppStreamResult establish_stream(Jid bare_jid, Gee.List<XmppStreamModule> modules, string? log_options, owned TlsXmppStream.OnInvalidCert on_invalid_cert) {
Jid remote = bare_jid.domain_jid; Jid remote = bare_jid.domain_jid;
TlsXmppStream.OnInvalidCertWrapper on_invalid_cert_wrapper = new TlsXmppStream.OnInvalidCertWrapper(on_invalid_cert);
//Lookup xmpp-client and xmpps-client SRV records //Lookup xmpp-client and xmpps-client SRV records
GLib.List<SrvTargetInfo>? targets = new GLib.List<SrvTargetInfo>(); GLib.List<SrvTargetInfo>? targets = new GLib.List<SrvTargetInfo>();
@ -58,9 +59,9 @@ namespace Xmpp {
foreach (SrvTargetInfo target in targets) { foreach (SrvTargetInfo target in targets) {
try { try {
if (target.service == "xmpp-client") { if (target.service == "xmpp-client") {
stream = new StartTlsXmppStream(remote, target.host, target.port, (owned)on_invalid_cert); stream = new StartTlsXmppStream(remote, target.host, target.port, on_invalid_cert_wrapper);
} else { } else {
stream = new DirectTlsXmppStream(remote, target.host, target.port, (owned)on_invalid_cert); stream = new DirectTlsXmppStream(remote, target.host, target.port, on_invalid_cert_wrapper);
} }
stream.log = new XmppLog(bare_jid.to_string(), log_options); stream.log = new XmppLog(bare_jid.to_string(), log_options);
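Review bot: The single `on_invalid_cert_wrapper` created before the SRV lookup is handed to every stream built in the `foreach (SrvTargetInfo target in targets)` loop, and that sharing is undocumented. A comment above the wrapper line would keep the fix from being undone later, e.g. `// Shared by all connection attempts: moving the delegate with (owned) left it null after the first target`. Because `OnInvalidCert` receives only the certificate and the error flags, the callback cannot tell which target host presented the certificate; if its decision is meant to be per host, that needs confirming against the caller. establish_stream starts and ends outside these hunks.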


@ -3,6 +3,12 @@ public abstract class Xmpp.TlsXmppStream : IoXmppStream {
public TlsCertificateFlags? errors; public TlsCertificateFlags? errors;
public delegate bool OnInvalidCert(GLib.TlsCertificate peer_cert, GLib.TlsCertificateFlags errors); public delegate bool OnInvalidCert(GLib.TlsCertificate peer_cert, GLib.TlsCertificateFlags errors);
public class OnInvalidCertWrapper {
public OnInvalidCert func;
public OnInvalidCertWrapper(owned OnInvalidCert func) {
this.func = (owned) func;
}
}
protected TlsXmppStream(Jid remote_name) { protected TlsXmppStream(Jid remote_name) {
base(remote_name); base(remote_name);
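Review bot: `OnInvalidCertWrapper.func` is a public, assignable field, so any code holding the wrapper can replace the certificate-decision callback for every stream that shares it. If nothing outside the library assigns it, narrowing the field (`internal OnInvalidCert func;`) would make that intent explicit; whether external callers need it is not visible here. The class also has no doc comment. A short Valadoc block would help, stating that the wrapper exists so one owned delegate can be shared by reference across several streams, and that `func` returning true accepts a certificate that failed validation.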