In the absence of checks on the from address, it is possible for other
clients to fake an answer to an IQ request.
This commit adds an IQReplyFilter, which drops all packets which are not
a valid reply to an IQ request. In particular, it checks for packet id,
from address and packet type.
Most(?) places waiting for a reply to an IQ request are converted to use
the IQReplyFilter.
For a discussion of the issues, see the thread "Spoofing of iq ids and
misbehaving servers" from 2014-01 on the jdev@jabber.org mailing list
and following discussion in February and March.
Instead of repeating the same pattern, when sending an IQ get/set packet
and collecting the response
PacketFilter filter = new PacketIDFilter(request.getPacketID()),
PacketCollector collector = connection.createPacketCollector(filter);
connection.sendPacket(reg);
IQ result = (IQ)collector.nextResult(SmackConfiguration.getPacketReplyTimeout());
// Stop queuing results
collector.cancel();
if (result == null) {
throw new XMPPException("No response from server.");
}
else if (result.getType() == IQ.Type.ERROR) {
throw new XMPPException(result.getError());
}
the API got redesigned, so that the above code block can be replaced
with
Packet result = connection.createPacketCollectorAndSend(request).nextResultOrThrow();
Change all \r\n into unix style newlines. Add missing newlines at the
end of a file and activate the newline checkstyle module, that enforces
'\n' as newline and a newline at the end of every file.
The initializer tests verify that every non-optional initializer, this
includes Providers, is loadable.
Creating files under META-INF is not considered best practice. Smack's
configuration and provider files reside now in classpath directory
qualified by Smack's package namespace.