Malformed CAPTCHA response may crash a room. This is now fixed. (thanks to Evgeniy Khramtsov)

SVN Revision: 2150
2024-11-22 16:20:52 +01:00 · 2009-06-09 09:39:07 +00:00 · 2009-06-09 09:39:07 +00:00 · dd101c99e5
commit dd101c99e5
parent a45e6da3d0
1 changed files with 24 additions and 18 deletions
--- a/src/ejabberd_captcha.erl
+++ b/src/ejabberd_captcha.erl
@ -150,30 +150,36 @@ check_captcha(Id, ProvidedKey) ->

 process_reply(El) ->
    case {exmpp_xml:element_matches(El, captcha),
-    exmpp_xml:get_element(El, x)} of
+	  exmpp_xml:get_element(El, x)} of
 	{false, _} ->
 	    {error, malformed};
 	{_, undefined} ->
 	    {error, malformed};
 	{true, Xdata} ->
 	    Fields = jlib:parse_xdata_submit(Xdata),
-	    [Id | _] = proplists:get_value("challenge", Fields, [none]),
-	    [OCR | _] = proplists:get_value("ocr", Fields, [none]),
-	    ?T(case mnesia:read(captcha, Id, write) of
-		   [#captcha{pid=Pid, args=Args, key=Key, tref=Tref}] ->
-		       mnesia:delete({captcha, Id}),
-		       erlang:cancel_timer(Tref),
-		       if OCR == Key ->
-			       Pid ! {captcha_succeed, Args},
-			       ok;
-			  true ->
-			       Pid ! {captcha_failed, Args},
-			       {error, bad_match}
-		       end;
-		   _ ->
-		       {error, not_found}
-	       end)
-    end.
+	    case {proplists:get_value("challenge", Fields),
+		  proplists:get_value("ocr", Fields)} of
+		{[Id|_], [OCR|_]} ->
+		    ?T(case mnesia:read(captcha, Id, write) of
+			   [#captcha{pid=Pid, args=Args, key=Key, tref=Tref}] ->
+			       mnesia:delete({captcha, Id}),
+			       erlang:cancel_timer(Tref),
+			       if OCR == Key ->
+				       Pid ! {captcha_succeed, Args},
+				       ok;
+				  true ->
+				       Pid ! {captcha_failed, Args},
+				       {error, bad_match}
+			       end;
+			   _ ->
+			       {error, not_found}
+		       end);
+		_ ->
+		    {error, malformed}
+	    end
+    end;
+process_reply(_) ->
+    {error, malformed}.


 process(_Handlers, #request{method='GET', lang=Lang, path=[_, Id]}) ->