Mercury-IM/Smack
Mercury-IM/Smack
1
0
Fork 0
mirror of https://codeberg.org/Mercury-IM/Smack synced 2024-11-15 03:52:05 +01:00
Code Issues Releases Wiki Activity

Improve IQReplyFilter

Browse source 
Only log spoof attempts if the from filter doesn't match. Previously all
non-matches where logged as spoof attempts.
Fix String.format() s/%d/%s/
This commit is contained in:
Florian Schmaus 2014-03-10 12:20:20 +01:00
parent 8e693ba5d5
commit b489828027
2 changed files with 22 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
core/src/main/java/org/jivesoftware/smack/filter/IQReplyFilter.java
View file

@ -50,7 +50,8 @@ import org.jivesoftware.smack.util.StringUtils;
public class IQReplyFilter implements PacketFilter { public class IQReplyFilter implements PacketFilter {
private static final Logger LOGGER = Logger.getLogger(IQReplyFilter.class.getName()); private static final Logger LOGGER = Logger.getLogger(IQReplyFilter.class.getName());
private final PacketFilter filter; private final PacketFilter iqAndIdFilter;
private final OrFilter fromFilter;
private final String to; private final String to;
private final String local; private final String local;
private final String server; private final String server;
@ -91,8 +92,9 @@ public class IQReplyFilter implements PacketFilter {
packetId = iqPacket.getPacketID(); packetId = iqPacket.getPacketID();
PacketFilter iqFilter = new OrFilter(new IQTypeFilter(IQ.Type.ERROR), new IQTypeFilter(IQ.Type.RESULT)); PacketFilter iqFilter = new OrFilter(new IQTypeFilter(IQ.Type.ERROR), new IQTypeFilter(IQ.Type.RESULT));
PacketFilter idFilter = new PacketIDFilter(iqPacket.getPacketID()); PacketFilter idFilter = new PacketIDFilter(iqPacket);
OrFilter fromFilter = new OrFilter(); iqAndIdFilter = new AndFilter(iqFilter, idFilter);
fromFilter = new OrFilter();
fromFilter.addFilter(FromMatchesFilter.createFull(to)); fromFilter.addFilter(FromMatchesFilter.createFull(to));
if (to == null) { if (to == null) {
if (local != null) if (local != null)
@ -102,18 +104,22 @@ public class IQReplyFilter implements PacketFilter {
else if (local != null && to.toLowerCase().equals(StringUtils.parseBareAddress(local))) { else if (local != null && to.toLowerCase().equals(StringUtils.parseBareAddress(local))) {
fromFilter.addFilter(FromMatchesFilter.createFull(null)); fromFilter.addFilter(FromMatchesFilter.createFull(null));
} }
filter = new AndFilter(fromFilter, iqFilter, idFilter);
} }
@Override @Override
public boolean accept(Packet packet) { public boolean accept(Packet packet) {
if (filter.accept(packet)) { // First filter out everything that is not an IQ stanza and does not have the correct ID set.
if (!iqAndIdFilter.accept(packet))
return false;
// Second, check if the from attributes are correct and log potential IQ spoofing attempts
if (fromFilter.accept(packet)) {
return true; return true;
} else { } else {
String msg = String.format("Rejected potentially spoofed reply to IQ-packet. Filter settings: " String msg = String.format("Rejected potentially spoofed reply to IQ-packet. Filter settings: "
+ "packetId=%s, to=%s, local=%s, server=%s. Received packet with from=%d", + "packetId=%s, to=%s, local=%s, server=%s. Received packet with from=%s",
packetId, to, local, server, packet.getFrom()); packetId, to, local, server, packet.getFrom());
LOGGER.log(Level.INFO, msg , packet); LOGGER.log(Level.WARNING, msg , packet);
return false; return false;
} }
} }

9
core/src/main/java/org/jivesoftware/smack/filter/PacketIDFilter.java
View file

@ -28,6 +28,15 @@ public class PacketIDFilter implements PacketFilter {
private String packetID; private String packetID;
/**
* Creates a new packet ID filter using the specified packet's ID.
*
* @param packet the packet which the ID is taken from.
*/
public PacketIDFilter(Packet packet) {
this(packet.getPacketID());
}
/** /**
* Creates a new packet ID filter using the specified packet ID. * Creates a new packet ID filter using the specified packet ID.
* *