From: Jason Stephenson Date: Sat, 28 May 2022 15:27:35 +0000 (-0400) Subject: LP1973060: Modernize XMPP Legacy Error Code Handling X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=4fbe2cd075d781c00be698d14e7d2847a0d88873;p=working%2FOpenSRF.git LP1973060: Modernize XMPP Legacy Error Code Handling Processone removed the setting of the legacy XMPP error code from the Erlang XMPP package with release 1.5.6 in November 2021. Using OpenSRF with any version of Ejabberd released since the 1.5.6 XMPP package will cause OpenSRF processes to segfault when a XMPP error message is processed. This was specifically noticed with Ejabberd 21.12 on Ubuntu 22.04. To verify the bug, you may install OpenSRF on any system running Ejabberd 21.12 (or any later version) and make a request to a non-existent service. The following srfsh request should suffice to cause a segfault: request math add 2,2 NOTE: The request is to the non-existent "math" service. After applying this patch, instead of a segfault in srfsh, you should see an error message. OpenSRF should continue to function normally with earlier releases of the Erlang XMPP library and Ejabberd. Signed-off-by: Jason Stephenson Signed-off-by: Bill Erickson Signed-off-by: Jane Sandberg --- diff --git a/src/libopensrf/transport_session.c b/src/libopensrf/transport_session.c index 7ea15d5..ff2b358 100644 --- a/src/libopensrf/transport_session.c +++ b/src/libopensrf/transport_session.c @@ -92,6 +92,7 @@ static const xmlSAXHandlerPtr SAXHandler = &SAXHandlerStruct; static void grab_incoming(void* blob, socket_manager* mgr, int sockid, char* data, int parent); static void reset_session_buffers( transport_session* session ); static const char* get_xml_attr( const xmlChar** atts, const char* attr_name ); +static int get_xmpp_error_code( const xmlChar *name ); /** @brief Allocate and initialize a transport_session. @@ -568,6 +569,12 @@ static void startElementHandler( transport_session* ses = (transport_session*) session; if( ! ses ) { return; } +// -------------------------------------------------------------------------------- +// A static variable to indicate if we received a XMPP error message or not. +// It's necessary because the session state machine's in_message_error variable +// is not granular enough to distinguish a XMPP error from other stream errors. +// -------------------------------------------------------------------------------- + static int isXMPPError = 0; if( strcmp( (char*) name, "message" ) == 0 ) { ses->state_machine->in_message = 1; @@ -647,14 +654,25 @@ static void startElementHandler( if( strcmp( (char*) name, "error" ) == 0 ) { + char *code = NULL; ses->state_machine->in_message_error = 1; buffer_add( ses->message_error_type, get_xml_attr( atts, "type" ) ); - ses->message_error_code = atoi( get_xml_attr( atts, "code" ) ); + code = get_xml_attr( atts, "code" ); + if (code) + ses->message_error_code = atoi( code ); + else + isXMPPError = 1; osrfLogInfo( OSRF_LOG_MARK, "Received message with type %s and code %d", OSRF_BUFFER_C_STR( ses->message_error_type ), ses->message_error_code ); return; } + if ( ses->state_machine->in_message_error == 1 && isXMPPError == 1 ) { + ses->message_error_code = get_xmpp_error_code( name ); + isXMPPError = 0; + return; + } + if( strcmp( (char*) name, "iq" ) == 0 ) { ses->state_machine->in_iq = 1; @@ -698,6 +716,63 @@ static const char* get_xml_attr( const xmlChar** atts, const char* attr_name ) { return NULL; } +/** + @brief Return the value of the legacy XMPP Error Code + @param name Pointer to the name of the tag + + Look up the legacy XMPP Error Code from the error-condition element as + described in XEP-0086: https://xmpp.org/extensions/xep-0086.html. +*/ +static int get_xmpp_error_code( const xmlChar* name ) { + const char *cname = (const char *) name; + + if (strcmp( cname, "not-authorized" ) == 0) + return 401; + if (strcmp( cname, "service-unavailable" ) == 0) + return 503; + if (strcmp( cname, "bad-request" ) == 0) + return 400; + if (strcmp( cname, "conflict" ) == 0) + return 409; + if (strcmp( cname, "feature-not-implemented" ) == 0) + return 501; + if (strcmp( cname, "forbidden" ) == 0) + return 403; + if (strcmp( cname, "gone" ) == 0) + return 302; + if (strcmp( cname, "internal-server-error" ) == 0) + return 500; + if (strcmp( cname, "item-not-found" ) == 0) + return 404; + if (strcmp( cname, "jid-malformed" ) == 0) + return 400; + if (strcmp( cname, "not-acceptable" ) == 0) + return 406; + if (strcmp( cname, "not-allowed" ) == 0) + return 405; + if (strcmp( cname, "payment-required" ) == 0) + return 402; + if (strcmp( cname, "recipient-unavailable" ) == 0) + return 404; + if (strcmp( cname, "redirect" ) == 0) + return 302; + if (strcmp( cname, "registration-required" ) == 0) + return 407; + if (strcmp( cname, "remote-server-not-found" ) == 0) + return 404; + if (strcmp( cname, "remote-server-timeout" ) == 0) + return 504; + if (strcmp( cname, "resource-constraint" ) == 0) + return 500; + if (strcmp( cname, "subscription-required" ) == 0) + return 407; + if (strcmp( cname, "undefined-condition" ) == 0) + return 500; + if (strcmp( cname, "unexpected-request" ) == 0) + return 400; + + return 500; // Assume undefined-condition. +} /** @brief React to the closing of an XML tag.