do not allow insecure bind

Daniel Gultsch 2018-02-18 21:54:03 +01:00
parent 92d59e9741
commit 014cf66c87


@ -875,22 +875,20 @@ public class XmppConnection implements Runnable {
} }
} }
private void processStreamFeatures(final Tag currentTag) private void processStreamFeatures(final Tag currentTag) throws XmlPullParserException, IOException {
throws XmlPullParserException, IOException {
this.streamFeatures = tagReader.readElement(currentTag); this.streamFeatures = tagReader.readElement(currentTag);
final boolean isSecure = features.encryptionEnabled || Config.ALLOW_NON_TLS_CONNECTIONS;
if (this.streamFeatures.hasChild("starttls") && !features.encryptionEnabled) { if (this.streamFeatures.hasChild("starttls") && !features.encryptionEnabled) {
sendStartTLS(); sendStartTLS();
} else if (this.streamFeatures.hasChild("register") && account.isOptionSet(Account.OPTION_REGISTER)) { } else if (this.streamFeatures.hasChild("register") && account.isOptionSet(Account.OPTION_REGISTER)) {
if (features.encryptionEnabled || Config.ALLOW_NON_TLS_CONNECTIONS) { if (isSecure) {
sendRegistryRequest(); sendRegistryRequest();
} else { } else {
throw new StateChangingException(Account.State.INCOMPATIBLE_SERVER); throw new StateChangingException(Account.State.INCOMPATIBLE_SERVER);
} }
} else if (!this.streamFeatures.hasChild("register") && account.isOptionSet(Account.OPTION_REGISTER)) { } else if (!this.streamFeatures.hasChild("register") && account.isOptionSet(Account.OPTION_REGISTER)) {
throw new StateChangingException(Account.State.REGISTRATION_NOT_SUPPORTED); throw new StateChangingException(Account.State.REGISTRATION_NOT_SUPPORTED);
} else if (this.streamFeatures.hasChild("mechanisms") } else if (this.streamFeatures.hasChild("mechanisms") && shouldAuthenticate && isSecure) {
&& shouldAuthenticate
&& (features.encryptionEnabled || Config.ALLOW_NON_TLS_CONNECTIONS)) {
authenticate(); authenticate();
} else if (this.streamFeatures.hasChild("sm", "urn:xmpp:sm:" + smVersion) && streamId != null) { } else if (this.streamFeatures.hasChild("sm", "urn:xmpp:sm:" + smVersion) && streamId != null) {
if (Config.EXTENDED_SM_LOGGING) { if (Config.EXTENDED_SM_LOGGING) {
@ -901,7 +899,7 @@ public class XmppConnection implements Runnable {
this.mWaitingForSmCatchup.set(true); this.mWaitingForSmCatchup.set(true);
this.tagWriter.writeStanzaAsync(resume); this.tagWriter.writeStanzaAsync(resume);
} else if (needsBinding) { } else if (needsBinding) {
if (this.streamFeatures.hasChild("bind")) { if (this.streamFeatures.hasChild("bind") && isSecure) {
sendBindRequest(); sendBindRequest();
} else { } else {
throw new StateChangingException(Account.State.INCOMPATIBLE_SERVER); throw new StateChangingException(Account.State.INCOMPATIBLE_SERVER);
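Review bot: `isSecure`, introduced at the top of `processStreamFeatures`, is true whenever `Config.ALLOW_NON_TLS_CONNECTIONS` is set, even on a plaintext stream, so the name overstates what the new `bind` guard checks. A name such as `encryptedOrPlaintextAllowed`, or a comment like `// true when TLS is active or the build explicitly permits plaintext`, would keep readers from treating it as proof of encryption. The stream-management resume branch (`hasChild("sm", ...) && streamId != null`) sits between the guarded `mechanisms` and `bind` branches without the same check; it is presumably reachable only after authentication, but adding `&& isSecure` there would make the session-establishing branches consistent. The refusal path also reuses `Account.State.INCOMPATIBLE_SERVER`, so a server that lacks `bind` and a stream that was left unencrypted are indistinguishable to the user and in logs. The method body starts before and continues past the visible hunks.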