authorWill Thompson <will.thompson@collabora.co.uk>2011-02-08 18:43:21 +0000
committerWill Thompson <will.thompson@collabora.co.uk>2011-02-16 14:54:46 +0000
commited73e1f33c9abe844cbcea4e513c8069586f9c04 (patch)
tree8117aaaf197b0b26f8196687d2e30ddbf0c27d20
parent87a76cb893a2b950d99bf2a24c11b4c40bff24cf (diff)
downloadtelepathy-gabble-ed73e1f33c9abe844cbcea4e513c8069586f9c04.tar.gz
[0.8] Ignore google:jingleinfo pushes from contacts.
Previously, Gabble would erroneously process google:jingleinfo updates sent by anybody, rather than only paying attention to those sent by the user's server. This may theoretically allow an attacker to trick Gabble into relaying streamed media through a server of the attacker's choosing, enabling them to intercept, obstruct or modify the user's audio and video calls. This patch addresses this flaw, following the same pattern as the corresponding check in the roster code. Note that even without this flaw, no security guarantees on media in calls can be provided in the presence of malicious network admins or insecure networks: an attacker who can eavesdrop the network traffic still has the ability to intercept the content of the call, as the media is transmitted unencrypted. Fixes: <https://bugs.freedesktop.org/show_bug.cgi?id=34048> Signed-off-by: Will Thompson <will.thompson@collabora.co.uk> Reviewed-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
-rw-r--r--src/jingle-factory.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/jingle-factory.c b/src/jingle-factory.c
index 217c8ab48..35712467d 100644
--- a/src/jingle-factory.c
+++ b/src/jingle-factory.c
@@ -245,6 +245,22 @@ got_jingle_info_stanza (GabbleJingleFactory *fac,
GabbleJingleFactoryPrivate *priv = fac->priv;
LmMessageSubType sub_type;
LmMessageNode *query_node, *node;
+ const gchar *from = lm_message_node_get_attribute (message->node, "from");
+
+ if (from != NULL)
+ {
+ TpBaseConnection *base_conn = TP_BASE_CONNECTION (priv->conn);
+ TpHandleRepoIface *contact_repo = tp_base_connection_get_handles (
+ base_conn, TP_HANDLE_TYPE_CONTACT);
+ TpHandle sender = tp_handle_lookup (contact_repo, from, NULL, NULL);
+
+ if (sender != base_conn->self_handle)
+ {
+ DEBUG ("ignoring jingleinfo from '%s', not ourself nor the server",
+ from);
+ return LM_HANDLER_RESULT_ALLOW_MORE_HANDLERS;
+ }
+ }
query_node = lm_message_node_get_child_with_namespace (message->node,
"query", NS_GOOGLE_JINGLE_INFO);
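Review bot: The sender check added at the top of got_jingle_info_stanza has no comment stating its trust rule, and the DEBUG text ("not ourself nor the server") names a server case that the condition `sender != base_conn->self_handle` never tests explicitly. As written, a stanza is accepted only when `from` is absent or when `tp_handle_lookup` maps it to our own handle; a push stamped with the server's domain JID would presumably be dropped, which is the safe direction but worth confirming against the servers that send these pushes. I would add above `if (from != NULL)` a comment such as `/* No 'from' means the stanza came from our own server; anything else must resolve to our own handle, because relay info supplied by a contact must never be trusted. */`. It would also help to say in that comment that a lookup which finds no handle yields 0 and is therefore rejected, since the `NULL` error argument hides that path from the reader. The function body starts before and continues after this hunk.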