authorSimon McVittie <simon.mcvittie@collabora.co.uk>2013-05-27 12:16:22 (GMT)
committerSimon McVittie <simon.mcvittie@collabora.co.uk>2013-05-29 16:18:31 (GMT)
commitff317a2783058e8e90fac21bd8ba18359c5401f9 (patch)
tree94d3f17c2f3b80b4ec8cc5509b4dc3ded22b9936
parent565f2ed54f53adc7bd6793a0e746ceb349843408 (diff)
CVE-2013-1431: respect tls-required flag on legacy Jabber servers
It's checked elsewhere for XMPP 1.0 servers, which can either use "old SSL" or perform STARTTLS. Legacy Jabber can only use "old SSL", which is similar to https - connect to a separate port, typically 5223, and start speaking SSL - so if the connection was ever going to be encrypted, by this point it already would be. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65036 Reviewed-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
-rw-r--r--wocky/wocky-connector.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/wocky/wocky-connector.c b/wocky/wocky-connector.c
index 133b9fd..3287285 100644
--- a/wocky/wocky-connector.c
+++ b/wocky/wocky-connector.c
@@ -1135,6 +1135,9 @@ xmpp_init_recv_cb (GObject *source,
if (!priv->legacy_support)
abort_connect_code (self, WOCKY_CONNECTOR_ERROR_NON_XMPP_V1_SERVER,
"Server not XMPP 1.0 Compliant");
+ else if (priv->tls_required && !priv->encrypted)
+ abort_connect_code (data, WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE,
+ "TLS requested but server is not XMPP 1.0 compliant (try using \"old SSL\")");
else
jabber_request_auth (self);
}
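Review bot: The added `abort_connect_code` call passes `data`, while the neighbouring calls in the same if/else chain pass `self`. Presumably `self` is derived from `data` earlier in xmpp_init_recv_cb, which starts outside this hunk, so behaviour should be the same, but `abort_connect_code (self, WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE,` keeps the chain consistent and type-checked. This branch is what stops authentication going out in plaintext to a legacy server when `tls_required` is set, so it deserves a comment such as `/* legacy Jabber has no STARTTLS: if we are not on old SSL by now, the stream will never be encrypted */`. The diffstat shows only wocky-connector.c changed, so a connector test for a legacy server with tls-required set, expecting WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE, would guard this check against regression.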