authorsergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-01-27 00:40:36 +0000
committersergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-01-27 00:40:36 +0000
commitbf5d32aede66b09c7caf030d3d1d4dcfc050564e (patch)
treeaa4cfe2f6cf4591c9b97cd56dba3cf0fe68a5a1a /remoting
parent6f765db725292f9eb8349afc004c933f5cffa352 (diff)
Return correct error code when Me2Me client has invalid JID.
Previously a connection from an unauthorized user was interpreted as a protocol error, which is clearly incorrect. Review URL: http://codereview.chromium.org/9169062 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@119317 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting')
-rw-r--r--remoting/protocol/me2me_host_authenticator_factory.cc59
1 files changed, 49 insertions, 10 deletions
diff --git a/remoting/protocol/me2me_host_authenticator_factory.cc b/remoting/protocol/me2me_host_authenticator_factory.cc
index e3f6d98..c4c6052 100644
--- a/remoting/protocol/me2me_host_authenticator_factory.cc
+++ b/remoting/protocol/me2me_host_authenticator_factory.cc
@@ -7,12 +7,55 @@
#include "base/base64.h"
#include "base/string_util.h"
#include "crypto/rsa_private_key.h"
+#include "remoting/protocol/channel_authenticator.h"
#include "remoting/protocol/v1_authenticator.h"
#include "remoting/protocol/v2_authenticator.h"
+#include "third_party/libjingle/source/talk/xmllite/xmlelement.h"
namespace remoting {
namespace protocol {
+namespace {
+
+// Authenticator that accepts one message and rejects connection after that.
+class RejectingAuthenticator : public Authenticator {
+ public:
+ RejectingAuthenticator()
+ : state_(WAITING_MESSAGE) {
+ }
+ virtual ~RejectingAuthenticator() {
+ }
+
+ virtual State state() const OVERRIDE {
+ return state_;
+ }
+
+ virtual RejectionReason rejection_reason() const OVERRIDE {
+ DCHECK_EQ(state_, REJECTED);
+ return INVALID_CREDENTIALS;
+ }
+
+ virtual void ProcessMessage(const buzz::XmlElement* message) OVERRIDE {
+ DCHECK_EQ(state_, WAITING_MESSAGE);
+ state_ = REJECTED;
+ }
+
+ virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE {
+ NOTREACHED();
+ return scoped_ptr<buzz::XmlElement>(NULL);
+ }
+
+ virtual scoped_ptr<ChannelAuthenticator>
+ CreateChannelAuthenticator() const OVERRIDE {
+ NOTREACHED();
+ return scoped_ptr<ChannelAuthenticator>(NULL);
+ }
+
+ protected:
+ State state_;
+};
+
+} // namespace
bool SharedSecretHash::Parse(const std::string& as_string) {
size_t separator = as_string.find(':');
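Review bot: The comment on RejectingAuthenticator does not state the property the host depends on, which is that no call sequence moves it to ACCEPTED, and `state_` is declared `protected` although nothing in this anonymous namespace derives from the class. I would extend the class comment to `// Authenticator that accepts one message and then rejects the connection with INVALID_CREDENTIALS. Never reaches ACCEPTED.` and move `State state_;` under `private:`. The state checks in rejection_reason() and ProcessMessage() are DCHECK-only, so they are typically compiled out of release builds. That looks harmless here because both paths still end in REJECTED with INVALID_CREDENTIALS, but a short comment saying the class is fail-closed without the DCHECKs would help the next reader.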
@@ -54,18 +97,14 @@ Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() {
scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator(
const std::string& remote_jid,
const buzz::XmlElement* first_message) {
- // Reject incoming connection if the client's jid is not an ASCII string.
- if (!IsStringASCII(remote_jid)) {
- LOG(ERROR) << "Rejecting incoming connection from " << remote_jid;
- return scoped_ptr<Authenticator>(NULL);
- }
-
- // Check that the client has the same bare jid as the host, i.e.
- // client's full JID starts with host's bare jid. Comparison is case
+ // Verify that the client's jid is an ASCII string, and then check
+ // that the client has the same bare jid as the host, i.e. client's
+ // full JID starts with host's bare jid. Comparison is case
// insensitive.
- if (!StartsWithASCII(remote_jid, local_jid_prefix_, false)) {
+ if (!IsStringASCII(remote_jid) ||
+ !StartsWithASCII(remote_jid, local_jid_prefix_, false)) {
LOG(ERROR) << "Rejecting incoming connection from " << remote_jid;
- return scoped_ptr<Authenticator>(NULL);
+ return scoped_ptr<Authenticator>(new RejectingAuthenticator());
}
if (V2Authenticator::IsEkeMessage(first_message)) {
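Review bot: The `LOG(ERROR)` line in the merged rejection branch writes the peer-supplied `remote_jid` to the host log exactly as received, and that branch now also covers the case where `IsStringASCII(remote_jid)` has just failed. I would log a fixed message for the non-ASCII case, for example `LOG(ERROR) << "Rejecting incoming connection: JID is not ASCII";`, and include the JID only for the prefix mismatch. Separately, the `StartsWithASCII` comparison is a sound authorization check only if `local_jid_prefix_` ends with the `/` resource separator. Its construction is outside this hunk, so a comment here stating that assumption would be worth adding. CreateAuthenticator's body continues past the end of the hunk.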