Prevent forging of messages via carbons.
This commit is contained in:
parent
0cf9903726
commit
e81eaf323e
|
@ -10,6 +10,7 @@
|
||||||
- Bugfix. Login form wasn't rendered after logging out (when `auto_reconnect` is `true`). [jcbrand]
|
- Bugfix. Login form wasn't rendered after logging out (when `auto_reconnect` is `true`). [jcbrand]
|
||||||
- Bugfix. Properly disconnect upon "host-unknown" error. [jcbrand]
|
- Bugfix. Properly disconnect upon "host-unknown" error. [jcbrand]
|
||||||
- Bugfix. Minimized chats weren't removed when logging out. [jcbrand]
|
- Bugfix. Minimized chats weren't removed when logging out. [jcbrand]
|
||||||
|
- Security fix: Prevent message forging via carbons. (Thanks to ge0rg) [jcbrand]
|
||||||
|
|
||||||
## 2.0.4 (2016-12-13)
|
## 2.0.4 (2016-12-13)
|
||||||
- #737: Bugfix. Translations weren't being applied. [jcbrand]
|
- #737: Bugfix. Translations weren't being applied. [jcbrand]
|
||||||
|
|
|
@ -766,7 +766,7 @@
|
||||||
var msgtext = 'This is a carbon message';
|
var msgtext = 'This is a carbon message';
|
||||||
var sender_jid = mock.cur_names[1].replace(/ /g,'.').toLowerCase() + '@localhost';
|
var sender_jid = mock.cur_names[1].replace(/ /g,'.').toLowerCase() + '@localhost';
|
||||||
var msg = $msg({
|
var msg = $msg({
|
||||||
'from': converse.bare_jid,
|
'from': sender_jid,
|
||||||
'id': (new Date()).getTime(),
|
'id': (new Date()).getTime(),
|
||||||
'to': converse.connection.jid,
|
'to': converse.connection.jid,
|
||||||
'type': 'chat',
|
'type': 'chat',
|
||||||
|
@ -844,6 +844,49 @@
|
||||||
expect(msg_txt).toEqual(msgtext);
|
expect(msg_txt).toEqual(msgtext);
|
||||||
}));
|
}));
|
||||||
|
|
||||||
|
it("will be discarded if it's a malicious message meant to look like a carbon copy", mock.initConverse(function (converse) {
|
||||||
|
test_utils.createContacts(converse, 'current');
|
||||||
|
test_utils.openControlBox();
|
||||||
|
test_utils.openContactsPanel(converse);
|
||||||
|
/* <message from="mallory@evil.example" to="b@xmpp.example">
|
||||||
|
* <received xmlns='urn:xmpp:carbons:2'>
|
||||||
|
* <forwarded xmlns='urn:xmpp:forward:0'>
|
||||||
|
* <message from="alice@xmpp.example" to="bob@xmpp.example/client1">
|
||||||
|
* <body>Please come to Creepy Valley tonight, alone!</body>
|
||||||
|
* </message>
|
||||||
|
* </forwarded>
|
||||||
|
* </received>
|
||||||
|
* </message>
|
||||||
|
*/
|
||||||
|
spyOn(converse, 'log');
|
||||||
|
var msgtext = 'Please come to Creepy Valley tonight, alone!';
|
||||||
|
var sender_jid = mock.cur_names[1].replace(/ /g,'.').toLowerCase() + '@localhost';
|
||||||
|
var impersonated_jid = mock.cur_names[2].replace(/ /g,'.').toLowerCase() + '@localhost';
|
||||||
|
var msg = $msg({
|
||||||
|
'from': sender_jid,
|
||||||
|
'id': (new Date()).getTime(),
|
||||||
|
'to': converse.connection.jid,
|
||||||
|
'type': 'chat',
|
||||||
|
'xmlns': 'jabber:client'
|
||||||
|
}).c('received', {'xmlns': 'urn:xmpp:carbons:2'})
|
||||||
|
.c('forwarded', {'xmlns': 'urn:xmpp:forward:0'})
|
||||||
|
.c('message', {
|
||||||
|
'xmlns': 'jabber:client',
|
||||||
|
'from': impersonated_jid,
|
||||||
|
'to': converse.connection.jid,
|
||||||
|
'type': 'chat'
|
||||||
|
}).c('body').t(msgtext).tree();
|
||||||
|
converse.chatboxes.onMessage(msg);
|
||||||
|
|
||||||
|
// Check that chatbox for impersonated user is not created.
|
||||||
|
var chatbox = converse.chatboxes.get(impersonated_jid);
|
||||||
|
expect(chatbox).not.toBeDefined();
|
||||||
|
|
||||||
|
// Check that the chatbox for the malicous user is not created
|
||||||
|
chatbox = converse.chatboxes.get(sender_jid);
|
||||||
|
expect(chatbox).not.toBeDefined();
|
||||||
|
}));
|
||||||
|
|
||||||
it("received for a minimized chat box will increment a counter on its header", mock.initConverse(function (converse) {
|
it("received for a minimized chat box will increment a counter on its header", mock.initConverse(function (converse) {
|
||||||
test_utils.createContacts(converse, 'current');
|
test_utils.createContacts(converse, 'current');
|
||||||
test_utils.openControlBox();
|
test_utils.openControlBox();
|
||||||
|
|
|
@ -1447,7 +1447,14 @@
|
||||||
}
|
}
|
||||||
$forwarded = $message.find('forwarded');
|
$forwarded = $message.find('forwarded');
|
||||||
if ($forwarded.length) {
|
if ($forwarded.length) {
|
||||||
$message = $forwarded.children('message');
|
var $forwarded_message = $forwarded.children('message');
|
||||||
|
if (Strophe.getBareJidFromJid($forwarded_message.attr('from')) !== from_jid) {
|
||||||
|
// Prevent message forging via carbons
|
||||||
|
//
|
||||||
|
// https://xmpp.org/extensions/xep-0280.html#security
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
$message = $forwarded_message;
|
||||||
$delay = $forwarded.children('delay');
|
$delay = $forwarded.children('delay');
|
||||||
from_jid = $message.attr('from');
|
from_jid = $message.attr('from');
|
||||||
to_jid = $message.attr('to');
|
to_jid = $message.attr('to');
|
||||||
|
|
Loading…
Reference in New Issue
Block a user