6fc40f4b57
jabberd XMPP Dialback Protection Bypass Vulnerability (this port could really use an update too fwiw)
29 lines
1.5 KiB
Plaintext
29 lines
1.5 KiB
Plaintext
$OpenBSD: patch-s2s_out_c,v 1.1 2012/08/24 07:24:12 jasper Exp $
|
|
|
|
Security fix for CVE-2012-3525
|
|
jabberd XMPP Dialback Protection Bypass Vulnerability
|
|
|
|
Patch from upstream git:
|
|
https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d
|
|
|
|
--- s2s/out.c.orig Fri Aug 24 09:18:34 2012
|
|
+++ s2s/out.c Fri Aug 24 09:20:03 2012
|
|
@@ -717,7 +717,7 @@ static void _out_result(conn_t out, nad_t nad) {
|
|
rkey = s2s_route_key(NULL, to->domain, from->domain);
|
|
|
|
/* key is valid */
|
|
- if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0) {
|
|
+ if(nad_find_attr(nad, 0, -1, "type", "valid") >= 0 && xhash_get(out->states, rkey) == (void*) conn_INPROGRESS) {
|
|
log_write(out->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] outgoing route '%s' is now valid%s", out->fd, out->ip, out->port, rkey, out->s->ssf ? ", SSL negotiated" : "");
|
|
|
|
xhash_put(out->states, pstrdup(xhash_pool(out->states), rkey), (void *) conn_VALID); /* !!! small leak here */
|
|
@@ -822,7 +822,7 @@ static void _out_verify(conn_t out, nad_t nad) {
|
|
rkey = s2s_route_key(NULL, to->domain, from->domain);
|
|
|
|
attr = nad_find_attr(nad, 0, -1, "type", "valid");
|
|
- if(attr >= 0) {
|
|
+ if(attr >= 0 && xhash_get(in->states, rkey) == (void*) conn_INPROGRESS) {
|
|
xhash_put(in->states, pstrdup(xhash_pool(in->states), rkey), (void *) conn_VALID);
|
|
log_write(in->s2s->log, LOG_NOTICE, "[%d] [%s, port=%d] incoming route '%s' is now valid%s", in->fd, in->ip, in->port, rkey, in->s->ssf ? ", SSL negotiated" : "");
|
|
valid = 1;
|