Skip to content

Commit

Permalink
Fix assertions for canonicalized dns names
Browse files Browse the repository at this point in the history 
The iq id should be enough to properly match those responses and not be
prone to injection attacks.
  • Loading branch information
@tmolitor-stud-tu
tmolitor-stud-tu committed Nov 21, 2024
1 parent cd929f8 commit 2c0bdf4
Showing 1 changed file with 0 additions and 13 deletions.
13 changes: 0 additions & 13 deletions Monal/Classes/MLMucProcessor.m
View file
Original file line number Diff line number Diff line change
Expand Up @@ -528,10 +528,6 @@ -(void) configureMuc:(NSString*) roomJid withMandatoryOptions:(NSDictionary*) ma
$$

$$instance_handler(handleRoomConfigForm, account.mucProcessor, $$ID(xmpp*, account), $$ID(XMPPIQ*, iqNode), $$ID(NSString*, roomJid), $$ID(NSDictionary*, mandatoryOptions), $$ID(NSDictionary*, optionalOptions), $$BOOL(deleteOnError), $$BOOL(joinOnSuccess))
MLAssert([iqNode.fromUser isEqualToString:roomJid], @"Room config form response jid not matching query jid!", (@{
@"iqNode.fromUser": [NSString stringWithFormat:@"%@", iqNode.fromUser],
@"roomJid": [NSString stringWithFormat:@"%@", roomJid],
}));
if([iqNode check:@"/<type=error>"])
{
DDLogError(@"Failed to fetch room config form for '%@': %@", roomJid, [iqNode findFirst:@"error"]);
Expand Down Expand Up @@ -619,10 +615,6 @@ -(void) configureMuc:(NSString*) roomJid withMandatoryOptions:(NSDictionary*) ma
[self handleError:[NSString stringWithFormat:NSLocalizedString(@"Could not configure group '%@'", @""), roomJid] forMuc:roomJid withNode:iqNode andIsSevere:YES];
return;
}
MLAssert([iqNode.fromUser isEqualToString:roomJid], @"Room config form response jid not matching query jid!", (@{
@"iqNode.fromUser": [NSString stringWithFormat:@"%@", iqNode.fromUser],
@"roomJid": [NSString stringWithFormat:@"%@", roomJid],
}));

//don't call success handler if we are only "half-joined" (see comments below for what that means)
if(joinOnSuccess)
Expand Down Expand Up @@ -1335,11 +1327,6 @@ -(void) publishAvatar:(UIImage* _Nullable) image forMuc:(NSString*) room
$$

$$instance_handler(handleDiscoResponse, account.mucProcessor, $$ID(xmpp*, account), $$ID(XMPPIQ*, iqNode), $$ID(NSString*, roomJid), $$BOOL(join), $$BOOL(updateBookmarks))
MLAssert([iqNode.fromUser isEqualToString:roomJid], @"Disco response jid not matching query jid!", (@{
@"iqNode.fromUser": [NSString stringWithFormat:@"%@", iqNode.fromUser],
@"roomJid": [NSString stringWithFormat:@"%@", roomJid],
}));

//no matter what the disco response is: we are not creating this muc anymore
//either because we successfully created it and called join afterwards,
//or because the user tried to simultaneously create and join this muc (the join has precendence in this case)
Expand Down

0 comments on commit 2c0bdf4

Please sign in to comment.