Validating Info/Query (IQ) stanzas in the Extensible Messaging and Presence Protocol (XMPP)

Fixes robbiehanson#300

Author: ObjColumnist

Core/XMPPStream.h

@@ -14,6 +14,7 @@
 @class XMPPMessage;
 @class XMPPPresence;
 @class XMPPModule;
+@class XMPPElement;
 @class XMPPElementReceipt;
 @protocol XMPPStreamDelegate;
 
@@ -589,6 +590,18 @@ extern const NSTimeInterval XMPPStreamTimeoutNone;
 **/
 - (void)resendMyPresence;
 
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+#pragma mark Stanza Validation
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+/**
+ * Validates that a response element is FROM the jid that the request element was sent TO.
+ * Supports validating responses when request didn't specify a TO.
+**/
+- (BOOL)isValidResponseElementFrom:(XMPPJID *)from forRequestElementTo:(XMPPJID *)to;
+
+- (BOOL)isValidResponseElement:(XMPPElement *)response forRequestElement:(XMPPElement *)request;
+
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 #pragma mark Module Plug-In System
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Core/XMPPStream.m

@@ -2,6 +2,7 @@
 #import "XMPPParser.h"
 #import "XMPPLogging.h"
 #import "XMPPInternal.h"
+#import "XMPPIDTracker.h"
 #import "XMPPSRVResolver.h"
 #import "NSData+XMPP.h"
 
@@ -130,6 +131,8 @@ @interface XMPPStream ()
 	XMPPSRVResolver *srvResolver;
 	NSArray *srvResults;
 	NSUInteger srvResultsIndex;
+    
+    XMPPIDTracker *idTracker;
 
 	NSMutableArray *receipts;
 
@@ -208,6 +211,8 @@ - (void)commonInit
 
 	registeredModules = [[NSMutableArray alloc] init];
 	autoDelegateDict = [[NSMutableDictionary alloc] init];
+    
+    idTracker = [[XMPPIDTracker alloc] initWithStream:self dispatchQueue:xmppQueue];
 
 	receipts = [[NSMutableArray alloc] init];
 }
@@ -278,6 +283,8 @@ - (void)dealloc
 		dispatch_source_cancel(keepAliveTimer);
 	}
 
+    [idTracker removeAllIDs];
+    
 	for (XMPPElementReceipt *receipt in receipts)
 	{
 		[receipt signalFailure];
@@ -1620,11 +1627,10 @@ - (BOOL)registerWithElements:(NSArray *)elements error:(NSError **)errPtr
             [queryElement addChild:element];
         }
 
-		NSXMLElement *iqElement = [NSXMLElement elementWithName:@"iq"];
-		[iqElement addAttributeWithName:@"type" stringValue:@"set"];
-		[iqElement addChild:queryElement];
+		XMPPIQ *iq = [XMPPIQ iqWithType:@"set"];
+		[iq addChild:queryElement];
 
-		NSString *outgoingStr = [iqElement compactXMLString];
+		NSString *outgoingStr = [iq compactXMLString];
 		NSData *outgoingData = [outgoingStr dataUsingEncoding:NSUTF8StringEncoding];
 
 		XMPPLogSend(@"SEND: %@", outgoingStr);
@@ -3274,9 +3280,7 @@ - (void)handleStreamFeatures
 			NSXMLElement *bind = [NSXMLElement elementWithName:@"bind" xmlns:@"urn:ietf:params:xml:ns:xmpp-bind"];
 			[bind addChild:resource];
 
-			NSXMLElement *iq = [NSXMLElement elementWithName:@"iq"];
-			[iq addAttributeWithName:@"type" stringValue:@"set"];
-			[iq addAttributeWithName:@"id" stringValue:[self generateUUID]];
+			XMPPIQ *iq = [XMPPIQ iqWithType:@"set" elementID:[self generateUUID]];
 			[iq addChild:bind];
 
 			NSString *outgoingStr = [iq compactXMLString];
@@ -3288,16 +3292,19 @@ - (void)handleStreamFeatures
 			[asyncSocket writeData:outgoingData
 					   withTimeout:TIMEOUT_XMPP_WRITE
 							   tag:TAG_XMPP_WRITE_STREAM];
+            
+            [idTracker addElement:iq
+                           target:nil
+                         selector:NULL
+                          timeout:XMPPIDTrackerTimeoutNone];
 		}
 		else
 		{
 			// The user didn't specify a resource, so we ask the server to bind one for us
 
 			NSXMLElement *bind = [NSXMLElement elementWithName:@"bind" xmlns:@"urn:ietf:params:xml:ns:xmpp-bind"];
 
-			NSXMLElement *iq = [NSXMLElement elementWithName:@"iq"];
-			[iq addAttributeWithName:@"type" stringValue:@"set"];
-			[iq addAttributeWithName:@"id" stringValue:[self generateUUID]];
+			XMPPIQ *iq = [XMPPIQ iqWithType:@"set" elementID:[self generateUUID]];
 			[iq addChild:bind];
 
 			NSString *outgoingStr = [iq compactXMLString];
@@ -3309,6 +3316,11 @@ - (void)handleStreamFeatures
 			[asyncSocket writeData:outgoingData
 					   withTimeout:TIMEOUT_XMPP_WRITE
 							   tag:TAG_XMPP_WRITE_STREAM];
+            
+            [idTracker addElement:iq
+                           target:nil
+                         selector:NULL
+                          timeout:XMPPIDTrackerTimeoutNone];
 		}
 
 		// We're already listening for the response...
@@ -3481,9 +3493,7 @@ - (void)handleBinding:(NSXMLElement *)response
 			NSXMLElement *session = [NSXMLElement elementWithName:@"session"];
 			[session setXmlns:@"urn:ietf:params:xml:ns:xmpp-session"];
 
-			NSXMLElement *iq = [NSXMLElement elementWithName:@"iq"];
-			[iq addAttributeWithName:@"type" stringValue:@"set"];
-            [iq addAttributeWithName:@"id" stringValue:[self generateUUID]];
+			XMPPIQ *iq = [XMPPIQ iqWithType:@"set" elementID:[self generateUUID]];
 			[iq addChild:session];
 
 			NSString *outgoingStr = [iq compactXMLString];
@@ -3495,6 +3505,11 @@ - (void)handleBinding:(NSXMLElement *)response
 			[asyncSocket writeData:outgoingData
 					   withTimeout:TIMEOUT_XMPP_WRITE
 							   tag:TAG_XMPP_WRITE_STREAM];
+            
+            [idTracker addElement:iq
+                           target:nil
+                         selector:NULL
+                          timeout:XMPPIDTrackerTimeoutNone];
 
 			// Update state
 			state = STATE_XMPP_START_SESSION;
@@ -3601,6 +3616,11 @@ - (void)continueHandleBinding:(NSString *)alternativeResource
 		[asyncSocket writeData:outgoingData
 		           withTimeout:TIMEOUT_XMPP_WRITE
 		                   tag:TAG_XMPP_WRITE_STREAM];
+        
+        [idTracker addElement:iq
+                       target:nil
+                     selector:NULL
+                      timeout:XMPPIDTrackerTimeoutNone];
 
 		// The state remains in STATE_XMPP_BINDING
 	}
@@ -3622,6 +3642,11 @@ - (void)continueHandleBinding:(NSString *)alternativeResource
 		[asyncSocket writeData:outgoingData
 		           withTimeout:TIMEOUT_XMPP_WRITE
 		                   tag:TAG_XMPP_WRITE_STREAM];
+        
+        [idTracker addElement:iq
+                       target:nil
+                     selector:NULL
+                      timeout:XMPPIDTrackerTimeoutNone];
 
 		// The state remains in STATE_XMPP_BINDING
 	}
@@ -3898,6 +3923,9 @@ - (void)socketDidDisconnect:(GCDAsyncSocket *)sock withError:(NSError *)err
 		// Clear srv results
 		srvResolver = nil;
 		srvResults = nil;
+        
+        // Stop tracking IDs
+        [idTracker removeAllIDs];
 
 		// Clear any pending receipts
 		for (XMPPElementReceipt *receipt in receipts)
@@ -4010,8 +4038,7 @@ - (void)xmppParser:(XMPPParser *)sender didReadRoot:(NSXMLElement *)root
 
 			NSXMLElement *query = [NSXMLElement elementWithName:@"query" xmlns:@"jabber:iq:auth"];
 
-			NSXMLElement *iq = [NSXMLElement elementWithName:@"iq"];
-			[iq addAttributeWithName:@"type" stringValue:@"get"];
+            XMPPIQ *iq = [XMPPIQ iqWithType:@"get" elementID:[self generateUUID]];
 			[iq addChild:query];
 
 			NSString *outgoingStr = [iq compactXMLString];
@@ -4073,13 +4100,23 @@ - (void)xmppParser:(XMPPParser *)sender didReadElement:(NSXMLElement *)element
 	}
 	else if (state == STATE_XMPP_BINDING)
 	{
-		// The response from our binding request
-		[self handleBinding:element];
+        XMPPIQ *iq = [XMPPIQ iqFromElement:element];
+        
+        if([idTracker invokeForElement:iq withObject:element])
+        {
+            // The response from our binding request
+            [self handleBinding:element];
+        }
 	}
 	else if (state == STATE_XMPP_START_SESSION)
 	{
-		// The response from our start session request
-		[self handleStartSessionResponse:element];
+        XMPPIQ *iq = [XMPPIQ iqFromElement:element];
+        
+        if([idTracker invokeForElement:iq withObject:element])
+        {
+            // The response from our start session request
+            [self handleStartSessionResponse:element];
+        }
 	}
 	else
 	{
@@ -4230,6 +4267,49 @@ - (void)keepAlive
 	}
 }
 
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+#pragma mark Stanza Validation
+////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+- (BOOL)isValidResponseElementFrom:(XMPPJID *)from forRequestElementTo:(XMPPJID *)to
+{
+    BOOL valid = YES;
+    
+    if(to)
+    {
+        if(![to isEqualToJID:from])
+        {
+            valid = NO;
+        }
+    }
+/**
+ * Replies for Stanza's that had no TO will be accepted if the FROM is:
+ *
+ * No from.
+ * from = the bare account JID.
+ * from = the full account JID (legal in 3920, but not 6120).
+ * from = the server's domain.
+**/
+    else if(!to && from)
+    {
+        if(![from isEqualToJID:self.myJID options:XMPPJIDCompareBare]
+           && ![from isEqualToJID:self.myJID options:XMPPJIDCompareFull]
+           && ![from isEqualToJID:[self.myJID domainJID] options:XMPPJIDCompareFull])
+        {
+            valid = NO;
+        }
+    }
+    
+    return valid;
+}
+
+- (BOOL)isValidResponseElement:(XMPPElement *)response forRequestElement:(XMPPElement *)request
+{
+    if(!response || !request) return NO;
+    
+    return [self isValidResponseElementFrom:[response from] forRequestElementTo:[request to]];
+}
+
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 #pragma mark Module Plug-In System
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Extensions/Roster/XMPPRoster.m

@@ -91,7 +91,7 @@ - (BOOL)activate:(XMPPStream *)aXmppStream
 	{
         XMPPLogVerbose(@"%@: Activated", THIS_FILE);
 
-        xmppIDTracker = [[XMPPIDTracker alloc] initWithDispatchQueue:moduleQueue];
+        xmppIDTracker = [[XMPPIDTracker alloc] initWithStream:xmppStream dispatchQueue:moduleQueue];
 
 		#ifdef _XMPP_VCARD_AVATAR_MODULE_H
 		{
@@ -798,7 +798,7 @@ - (BOOL)xmppStream:(XMPPStream *)sender didReceiveIQ:(XMPPIQ *)iq
         }
         else if([iq isResultIQ])
         {
-            [xmppIDTracker invokeForID:[iq elementID] withObject:iq];
+            [xmppIDTracker invokeForElement:iq withObject:iq];
         }
 
 		return YES;

Extensions/XEP-0054/XMPPvCardTempModule.m

@@ -84,7 +84,7 @@ - (BOOL)activate:(XMPPStream *)aXmppStream
 	{
 		// Custom code goes here (if needed)
 
-        _myvCardTracker = [[XMPPIDTracker alloc] initWithDispatchQueue:moduleQueue];
+        _myvCardTracker = [[XMPPIDTracker alloc] initWithStream:xmppStream dispatchQueue:moduleQueue];
 
 		return YES;
 	}
@@ -185,16 +185,14 @@ - (void)updateMyvCardTemp:(XMPPvCardTemp *)vCardTemp
     dispatch_block_t block = ^{ @autoreleasepool {
 
         XMPPvCardTemp *newvCardTemp = [vCardTemp copy];
-
-        NSString *myvCardElementID = [xmppStream generateUUID];
 
-        XMPPIQ *iq = [XMPPIQ iqWithType:@"set" to:nil elementID:myvCardElementID child:newvCardTemp];
+        XMPPIQ *iq = [XMPPIQ iqWithType:@"set" to:nil elementID:[xmppStream generateUUID] child:newvCardTemp];
         [xmppStream sendElement:iq];
 
-        [_myvCardTracker addID:myvCardElementID
-                       target:self
-                     selector:@selector(handleMyvcard:withInfo:)
-                      timeout:600];
+        [_myvCardTracker addElement:iq
+                             target:self
+                           selector:@selector(handleMyvcard:withInfo:)
+                            timeout:600];
 
         [self _updatevCardTemp:newvCardTemp forJID:[xmppStream myJID]];
 
@@ -261,7 +259,7 @@ - (BOOL)xmppStream:(XMPPStream *)sender didReceiveIQ:(XMPPIQ *)iq
 {
 	// This method is invoked on the moduleQueue.
 
-    [_myvCardTracker invokeForID:[iq elementID] withObject:iq];
+    [_myvCardTracker invokeForElement:iq withObject:iq];
 
 	// Remember XML heirarchy memory management rules.
 	// The passed parameter is a subnode of the IQ, and we need to pass it to an asynchronous operation.