Hi!
This patch contains a fix for a dangerous bug which can lead to a crash or
remote DoS of Kopete when a Jabber contact has '#' in the Jabber client name or
version returned in the Disco response.
Before this fix, my Kopete was crashing every time one of my contacts was
connecting from some obscure mobile Jabber client.
Moral of the story: never make a Q_ASSERT based on data received from the server,
especially if those data originally come from another client.
-- Oleg Girko, http://www.infoserver.ru/~ol/
Index: kopete/protocols/jabber/jabbercapabilitiesmanager.cpp
===================================================================
--- kopete/protocols/jabber/jabbercapabilitiesmanager.cpp (revision 797409)
+++ kopete/protocols/jabber/jabbercapabilitiesmanager.cpp (working copy)
@@ -444,12 +444,15 @@
Jid jid = discoInfo->jid();
kDebug(JABBER_DEBUG_GLOBAL) << QString("Disco response from %1, node=%2, success=%3").arg(QString(jid.full()).replace('%',"%%")).arg(discoInfo->node()).arg(discoInfo->success());
- QStringList tokens = discoInfo->node().split('#');
+ const QString &tokens = discoInfo->node();
+ int idx = tokens.lastIndexOf('#');
+ if (idx < 0)
+ return;
+
// Update features
- Q_ASSERT(tokens.count() == 2);
- QString node = tokens[0];
- QString extensions = tokens[1];
+ QString node = tokens.left(idx);
+ QString extensions = tokens.mid(idx + 1);
Capabilities jidCapabilities = d->jidCapabilitiesMap[jid.full()];
if( jidCapabilities.node() == node )
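Review bot: splitting at `tokens.lastIndexOf('#')` only yields the right pair when the extra '#' sits in the client-name part; the description says it can also appear in the version, and in that case `node` will absorb part of the version and the `jidCapabilities.node() == node` comparison below will not match. Please add a comment stating why the last '#' is the chosen separator, or decide how a '#' after the separator should be handled. Two smaller points in the same hunk: `tokens` is now the whole node string rather than a list, so a name such as `nodeString` would read better, and the `if (idx < 0) return;` path drops the response silently, so a kDebug(JABBER_DEBUG_GLOBAL) line there would make malformed Disco nodes visible when debugging.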
_______________________________________________
kopete-devel mailing list
https://mail.kde.org/mailman/listinfo/kopete-devel