From c7cf9d6f811e299c3659350c6bd21c75ba249de5 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Tue, 29 Nov 2005 01:43:15 +0100 Subject: This should fix a crash bug in Jabber module (NULL pointer dereference on broken Jabber/SSL connections). --- protocols/jabber/jabber.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index d8d77a36..b6fca9b2 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -545,6 +545,11 @@ static void gjab_connected_ssl(gpointer data, void *source, GaimInputCondition c struct jabber_data *jd; gjconn gjc; + if (source == NULL) { + STATE_EVT(JCONN_STATE_OFF) + return; + } + if (!g_slist_find(get_connections(), gc)) { ssl_disconnect(source); return; @@ -553,11 +558,6 @@ static void gjab_connected_ssl(gpointer data, void *source, GaimInputCondition c jd = gc->proto_data; gjc = jd->gjc; - if (source == NULL) { - STATE_EVT(JCONN_STATE_OFF) - return; - } - gjab_connected(data, gjc->fd, cond); } -- cgit v1.2.3 From c3c2e1403287380e5e9d520900f761bbfa738b9f Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Wed, 30 Nov 2005 13:12:25 +0100 Subject: Got rid of the config.h includes in IM-code. Now that HAVE_CONFIG_H is defined, they started to cause problems. --- protocols/jabber/jabber.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index b6fca9b2..0379e2d3 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -21,10 +21,6 @@ * */ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - #ifndef _WIN32 #include #endif -- cgit v1.2.3 From 7c2d798b79041108ae71f86e7dbfdf9bf984dcb0 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Thu, 1 Dec 2005 12:52:25 +0100 Subject: jabber.c:542: warning: `gjc' might be used uninitialized in this function --- protocols/jabber/jabber.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 0379e2d3..16755d99 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -541,6 +541,9 @@ static void gjab_connected_ssl(gpointer data, void *source, GaimInputCondition c struct jabber_data *jd; gjconn gjc; + jd = gc->proto_data; + gjc = jd->gjc; + if (source == NULL) { STATE_EVT(JCONN_STATE_OFF) return; @@ -551,9 +554,6 @@ static void gjab_connected_ssl(gpointer data, void *source, GaimInputCondition c return; } - jd = gc->proto_data; - gjc = jd->gjc; - gjab_connected(data, gjc->fd, cond); } -- cgit v1.2.3 From 626b446e0a4f10fbcf38661013a592bcd3193e08 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Fri, 2 Dec 2005 12:30:03 +0100 Subject: The Jabber module now only accepts a limited range of ports (5222 and 5223), so it can't be abused as a portscanner. Thanks to Peter van Dijk (Habbie) for the report. --- protocols/jabber/jabber.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index 16755d99..e7703b44 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -589,6 +589,11 @@ static void gjab_start(gjconn gjc) port = DEFAULT_PORT; else if (port == -1 && ssl) port = DEFAULT_PORT_SSL; + else if (port != 5222 && port != 5223) { + serv_got_crap(GJ_GC(gjc), "Only port numbers 5222 and 5223 are allowed for Jabber connections."); + STATE_EVT(JCONN_STATE_OFF) + return; + } if (server == NULL) server = g_strdup(gjc->user->server); -- cgit v1.2.3 From 027d2ebf750a011bf544f7d279cfb706594e5d05 Mon Sep 17 00:00:00 2001 From: Wilmer van der Gaast Date: Fri, 2 Dec 2005 12:43:47 +0100 Subject: Modified CHANGES, and extended the allowed port range a bit. --- protocols/jabber/jabber.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'protocols/jabber') diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c index e7703b44..535607e6 100644 --- a/protocols/jabber/jabber.c +++ b/protocols/jabber/jabber.c @@ -54,6 +54,8 @@ #define DEFAULT_GROUPCHAT "conference.jabber.org" #define DEFAULT_PORT 5222 #define DEFAULT_PORT_SSL 5223 +#define JABBER_PORT_MIN 5220 +#define JABBER_PORT_MAX 5229 #define JABBER_GROUP "Friends" @@ -589,8 +591,8 @@ static void gjab_start(gjconn gjc) port = DEFAULT_PORT; else if (port == -1 && ssl) port = DEFAULT_PORT_SSL; - else if (port != 5222 && port != 5223) { - serv_got_crap(GJ_GC(gjc), "Only port numbers 5222 and 5223 are allowed for Jabber connections."); + else if (port < JABBER_PORT_MIN || port > JABBER_PORT_MAX) { + serv_got_crap(GJ_GC(gjc), "For security reasons, the Jabber port number must be in the %d-%d range.", JABBER_PORT_MIN, JABBER_PORT_MAX); STATE_EVT(JCONN_STATE_OFF) return; } -- cgit v1.2.3