X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=core%2Fxmlhandlers.lua;h=9e8fd7f6704a00bf4fc4c0ad84440fa1b259dfd2;hb=02db59e68c9b69b848102d97db373ca2a92bdc40;hp=3037a848517051f9d4bcc90252bd70f34ff5c816;hpb=6e21eb995197ecc19aa453491d54f8ed733618e1;p=prosody.git diff --git a/core/xmlhandlers.lua b/core/xmlhandlers.lua index 3037a848..9e8fd7f6 100644 --- a/core/xmlhandlers.lua +++ b/core/xmlhandlers.lua @@ -1,3 +1,12 @@ +-- Prosody IM +-- Copyright (C) 2008-2010 Matthew Wild +-- Copyright (C) 2008-2010 Waqas Hussain +-- +-- This project is MIT/X11 licensed. Please see the +-- COPYING file in the source package for more information. +-- + + require "util.stanza" @@ -5,18 +14,21 @@ local st = stanza; local tostring = tostring; local pairs = pairs; local ipairs = ipairs; -local type = type; -local print = print; -local format = string.format; -local m_random = math.random; local t_insert = table.insert; -local t_remove = table.remove; local t_concat = table.concat; -local t_concatall = function (t, sep) local tt = {}; for _, s in ipairs(t) do t_insert(tt, tostring(s)); end return t_concat(tt, sep); end -local sm_destroy_session = import("core.sessionmanager", "destroy_session"); local default_log = require "util.logger".init("xmlhandlers"); +-- COMPAT: w/LuaExpat 1.1.0 +local lxp_supports_doctype = pcall(lxp.new, { StartDoctypeDecl = false }); + +if not lxp_supports_doctype then + default_log("warn", "The version of LuaExpat on your system leaves Prosody " + .."vulnerable to denial-of-service attacks. You should upgrade to " + .."LuaExpat 1.1.1 or higher as soon as possible. See " + .."http://prosody.im/doc/depends#luaexpat for more information."); +end + local error = error; module "xmlhandlers" 
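Review bot: In the added probe `pcall(lxp.new, { StartDoctypeDecl = false })`, the expression `lxp.new` is evaluated before `pcall` runs, and no `require "lxp"` is visible in the part of the file shown, so the check appears to rely on a global `lxp` loaded elsewhere. If that global is absent, the module would fail at load with an index error instead of logging the warning; binding it explicitly with `local lxp = require "lxp";` above the probe avoids that. Any other failure of `lxp.new` is also reported as an outdated LuaExpat, which is a safe direction to err in. Since the probe result only gates a log line and one handler registration, I would add a comment such as `-- NOTE: on LuaExpat 1.1.0 DOCTYPE declarations are not rejected; only the warning below is emitted`.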
@@ -25,61 +37,72 @@ local ns_prefixes = { ["http://www.w3.org/XML/1998/namespace"] = "xml"; } -function init_xmlhandlers(session, streamopened) +function init_xmlhandlers(session, stream_callbacks) local ns_stack = { "" }; - local curr_ns = ""; local curr_tag; local chardata = {}; local xml_handlers = {}; local log = session.log or default_log; - --local print = function (...) log("info", "xmlhandlers", t_concatall({...}, "\t")); end - local send = session.send; + local cb_streamopened = stream_callbacks.streamopened; + local cb_streamclosed = stream_callbacks.streamclosed; + local cb_error = stream_callbacks.error or function (session, e) error("XML stream error: "..tostring(e)); end; + local cb_handlestanza = stream_callbacks.handlestanza; + + local stream_tag = stream_callbacks.stream_tag; + local stream_default_ns = stream_callbacks.default_ns; local stanza - function xml_handlers:StartElement(name, attr) + function xml_handlers:StartElement(tagname, attr) if stanza and #chardata > 0 then -- We have some character data in the buffer stanza:text(t_concat(chardata)); chardata = {}; end - curr_ns,name = name:match("^(.+)|([%w%-]+)$"); - if curr_ns ~= "jabber:server" then + local curr_ns,name = tagname:match("^([^\1]*)\1?(.*)$"); + if name == "" then + curr_ns, name = "", curr_ns; + end + + if curr_ns ~= stream_default_ns then attr.xmlns = curr_ns; end -- FIXME !!!!! 
- for i, k in ipairs(attr) do - if type(k) == "string" then - local ns, nm = k:match("^([^|]+)|?([^|]-)$") - if ns and nm then - ns = ns_prefixes[ns]; - if ns then - attr[ns..":"..nm] = attr[k]; - attr[i] = ns..":"..nm; - attr[k] = nil; - end + for i=1,#attr do + local k = attr[i]; + attr[i] = nil; + local ns, nm = k:match("^([^\1]*)\1?(.*)$"); + if nm ~= "" then + ns = ns_prefixes[ns]; + if ns then + attr[ns..":"..nm] = attr[k]; + attr[k] = nil; end end end if not stanza then --if we are not currently inside a stanza if session.notopen then - if name == "stream" then - streamopened(session, attr); - return; + if tagname == stream_tag then + if cb_streamopened then + cb_streamopened(session, attr); + end + else + -- Garbage before stream? + cb_error(session, "no-stream"); end - error("Client failed to open stream successfully"); + return; end if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then - error("Client sent invalid top-level stanza"); + cb_error(session, "invalid-top-level-element"); end - stanza = st.stanza(name, attr); --{ to = attr.to, type = attr.type, id = attr.id, xmlns = curr_ns }); + stanza = st.stanza(name, attr); curr_tag = stanza; else -- we are inside a stanza, so add a tag attr.xmlns = nil; - if curr_ns ~= "jabber:server" and curr_ns ~= "jabber:client" then + if curr_ns ~= stream_default_ns then attr.xmlns = curr_ns; end stanza:tag(name, attr); 
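Review bot: The new `cb_error(session, "invalid-top-level-element");` in StartElement is not followed by a `return`, so when the supplied error callback returns instead of raising, the rejected element is still built by `st.stanza(name, attr)` and processed as a normal stanza. The `no-stream` branch just above does return, and the same is needed here: `cb_error(session, "invalid-top-level-element"); return;`. The default `cb_error` raises, which hides the problem until a caller passes its own `error` callback. The check also still compares against the literal "jabber:client" while the surrounding lines were switched to `stream_default_ns`, so it presumably never applies to streams with a different default namespace. StartElement continues past the end of this hunk.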
@@ -90,32 +113,48 @@ function init_xmlhandlers(session, streamopened) t_insert(chardata, data); end end - function xml_handlers:EndElement(name) - curr_ns,name = name:match("^(.+)|([%w%-]+)$"); - if (not stanza) or #stanza.last_add < 0 or (#stanza.last_add > 0 and name ~= stanza.last_add[#stanza.last_add].name) then - if name == "stream" then - log("debug", "Stream closed"); - sm_destroy_session(session); - return; + function xml_handlers:EndElement(tagname) + local curr_ns,name = tagname:match("^([^\1]*)\1?(.*)$"); + if name == "" then + curr_ns, name = "", curr_ns; + end + if (not stanza) or (#stanza.last_add > 0 and name ~= stanza.last_add[#stanza.last_add].name) then + if tagname == stream_tag then + if cb_streamclosed then + cb_streamclosed(session); + end elseif name == "error" then - error("Stream error: "..tostring(name)..": "..tostring(stanza)); + cb_error(session, "stream-error", stanza); else - error("XML parse error in client stream"); + cb_error(session, "parse-error", "unexpected-element-close", name); end + stanza, chardata = nil, {}; + return; end - if stanza and #chardata > 0 then + if #chardata > 0 then -- We have some character data in the buffer stanza:text(t_concat(chardata)); chardata = {}; end -- Complete stanza if #stanza.last_add == 0 then - session.stanza_dispatch(stanza); + cb_handlestanza(session, stanza); stanza = nil; else stanza:up(); end end + + local function restricted_handler() + cb_error(session, "parse-error", "restricted-xml", "Restricted XML, see RFC 6120 section 11.1."); + end + + if lxp_supports_doctype then + xml_handlers.StartDoctypeDecl = restricted_handler; + end + xml_handlers.Comment = restricted_handler; + xml_handlers.ProcessingInstruction = restricted_handler; + return xml_handlers; end
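Review bot: `restricted_handler` only reports through `cb_error`, so rejecting DOCTYPE declarations, comments and processing instructions depends entirely on that callback aborting the parse. The default callback raises with `error()`, but a caller-supplied callback that merely logs and returns would let the parser carry on through the declaration, presumably the denial-of-service case the LuaExpat warning refers to. I would state the contract next to the handler: `-- cb_error MUST stop parsing (raise or close the session); returning leaves restricted XML being processed`. In the same hunk `cb_handlestanza(session, stanza)` is called without the nil check that `cb_streamopened` and `cb_streamclosed` get, so a missing `handlestanza` callback fails only when the first stanza completes.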