From b602d619f676b9a0326c31200df967f3ae81f354 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Thu, 26 Jan 2023 16:03:57 +0100 Subject: [PATCH] prevent setting invalid combination of libstrophe flags Signed-off-by: Steffen Jaeckel --- src/xmpp/connection.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c index d57a1376..3165a18e 100644 --- a/src/xmpp/connection.c +++ b/src/xmpp/connection.c @@ -198,6 +198,10 @@ _conn_apply_settings(const char* const jid, const char* const passwd, const char long flags = xmpp_conn_get_flags(conn.xmpp_conn); + /* clear all TLS & auth related flags */ + flags &= ~(XMPP_CONN_FLAG_DISABLE_TLS | XMPP_CONN_FLAG_MANDATORY_TLS + | XMPP_CONN_FLAG_LEGACY_SSL | XMPP_CONN_FLAG_TRUST_TLS + | XMPP_CONN_FLAG_LEGACY_AUTH); if (!tls_policy || (g_strcmp0(tls_policy, "force") == 0)) { flags |= XMPP_CONN_FLAG_MANDATORY_TLS; } else if (g_strcmp0(tls_policy, "trust") == 0) { @@ -213,8 +217,6 @@ _conn_apply_settings(const char* const jid, const char* const passwd, const char flags |= XMPP_CONN_FLAG_LEGACY_AUTH; } - xmpp_conn_set_flags(conn.xmpp_conn, flags); - /* Print debug logs that can help when users share the logs */ if (flags != 0) { log_debug("Connecting with flags (0x%lx):", flags); @@ -230,6 +232,12 @@ _conn_apply_settings(const char* const jid, const char* const passwd, const char #undef LOG_FLAG_IF_SET } + if (xmpp_conn_set_flags(conn.xmpp_conn, flags)) { + log_error("libstrophe doesn't accept this combination of flags: 0x%x", flags); + conn.conn_status = JABBER_DISCONNECTED; + return FALSE; + } + char* cert_path = prefs_get_tls_certpath(); if (cert_path) { xmpp_conn_set_capath(conn.xmpp_conn, cert_path);