changeset 2197:189abf03ef24

Fix fingerprint management (Reported by Sven Gaerner in issue #134)
author Mikael Berthe <mikael@lilotux.net>
date Sun, 11 Oct 2015 17:17:35 +0200
parents 8811fe9d6ef0
children 1591518a33b9
files mcabber/mcabber/utils.c mcabber/mcabber/utils.h mcabber/mcabber/xmpp.c
diffstat 3 files changed, 31 insertions(+), 23 deletions(-) [+]
line wrap: on
line diff
--- a/mcabber/mcabber/utils.c	Wed Oct 07 21:58:38 2015 +0200
+++ b/mcabber/mcabber/utils.c	Sun Oct 11 17:17:35 2015 +0200
@@ -155,26 +155,35 @@
   return g_strdup(fname);
 }
 
-void fingerprint_to_hex(const unsigned char *fpr, char hex[49])
+void fingerprint_to_hex(const unsigned char *fpr, char hex[48])
 {
   int i;
   char *p;
 
+  hex[0] = 0;
+  if (!fpr) return;
+
   for (p = hex, i = 0; i < 15; i++, p+=3)
-    g_sprintf(p, "%02X:", fpr[i]);
-  g_sprintf(p, "%02X", fpr[i]);
-  hex[48] = '\0';
+    g_snprintf(p, 4, "%02X:", fpr[i]);
+  g_snprintf(p, 3, "%02X", fpr[i]);
 }
 
-gboolean hex_to_fingerprint(const char *hex, char fpr[16])
+gboolean hex_to_fingerprint(const char *hex, char fpr[17])
 {
   int i;
-  char *p;
+  const char *p;
 
+  fpr[0] = 0;
   if (strlen(hex) != 47)
     return FALSE;
-  for (i = 0, p = (char*)hex; *p && *(p+1); i++, p += 3)
-    fpr[i] = (char) g_ascii_strtoull (p, NULL, 16);
+  for (i = 0, p = hex; *p && *(p+1); i++, p += 3) {
+    if (*(p+2) && (*(p+2) != ':')) {
+      fpr[i] = 0;
+      return FALSE;
+    }
+    fpr[i] = (char)g_ascii_strtoull(p, NULL, 16);
+  }
+  fpr[i] = 0;
   return TRUE;
 }
 
--- a/mcabber/mcabber/utils.h	Wed Oct 07 21:58:38 2015 +0200
+++ b/mcabber/mcabber/utils.h	Sun Oct 11 17:17:35 2015 +0200
@@ -21,8 +21,8 @@
                   const char *resource);
 gboolean jid_equal(const char *jid1, const char *jid2);
 
-void fingerprint_to_hex(const unsigned char *fpr, char hex[49]);
-gboolean hex_to_fingerprint(const char * hex, char fpr[16]);
+void fingerprint_to_hex(const unsigned char *fpr, char hex[48]);
+gboolean hex_to_fingerprint(const char *hex, char fpr[17]);
 
 void ut_init_debug(void);
 void ut_write_log(unsigned int flag, const char *data);
--- a/mcabber/mcabber/xmpp.c	Wed Oct 07 21:58:38 2015 +0200
+++ b/mcabber/mcabber/xmpp.c	Sun Oct 11 17:17:35 2015 +0200
@@ -714,19 +714,19 @@
                  "Certificate hostname does not match expected hostname!");
     break;
   case LM_SSL_STATUS_CERT_FINGERPRINT_MISMATCH: {
-    char fpr[49];
-    fingerprint_to_hex((const unsigned char*)lm_ssl_get_fingerprint(ssl),
-                       fpr);
-    scr_LogPrint(LPRINT_LOGNORM,
-              "Certificate fingerprint does not match expected fingerprint!");
-    scr_LogPrint(LPRINT_LOGNORM, "Remote fingerprint: %s", fpr);
+      char fpr[49] = {0};
+      fingerprint_to_hex((const unsigned char*)lm_ssl_get_fingerprint(ssl),
+                         fpr);
+      scr_LogPrint(LPRINT_LOGNORM,
+                "Certificate fingerprint does not match expected fingerprint!");
+      scr_LogPrint(LPRINT_LOGNORM, "Remote fingerprint: %s", fpr);
 
-    scr_LogPrint(LPRINT_LOGNORM, "Expected fingerprint: %s",
-                 settings_opt_get("ssl_fingerprint"));
+      scr_LogPrint(LPRINT_LOGNORM, "Expected fingerprint: %s",
+                   settings_opt_get("ssl_fingerprint"));
 
-    return LM_SSL_RESPONSE_STOP;
+      return LM_SSL_RESPONSE_STOP;
+    }
     break;
-  }
   case LM_SSL_STATUS_GENERIC_ERROR:
     scr_LogPrint(LPRINT_LOGNORM, "Generic SSL error!");
     break;
@@ -1732,14 +1732,14 @@
 {
   const char *userjid, *password, *resource, *servername, *ssl_fpr;
   char *dynresource = NULL;
-  char fpr[16];
+  char fpr[17] = {0};
   const char *proxy_host;
   const char *resource_prefix = PACKAGE_NAME;
   char *fjid;
   int ssl, tls;
   LmSSL *lssl;
   unsigned int port;
-  unsigned int ping;
+  unsigned int ping = 40;
   LmMessageHandler *handler;
   GError *error = NULL;
 
@@ -1765,7 +1765,6 @@
 
   g_log_set_handler("LM", LM_LOG_LEVEL_ALL, lm_debug_handler, NULL);
 
-  ping = 40;
   if (settings_opt_get("pinginterval"))
     ping = (unsigned int) settings_opt_get_int("pinginterval");
   lm_connection_set_keep_alive_rate(lconnection, ping);