From c4a1bd7932f617b3ddbc9009e5a32ae9a426f9e5 Mon Sep 17 00:00:00 2001
From: Jonathan Schleifer
Date: Sat, 3 Oct 2020 17:20:34 +0000
Subject: [PATCH] More validation of server responses
FossilOrigin-Name: 71e1a46c8f9d7dbfa9a5fe55fbdb37778b928491105a4c901e768699617ef090
---
 src/MTXClient.m | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/MTXClient.m b/src/MTXClient.m
index 608574d..0d0171f 100644
--- a/src/MTXClient.m
+++ b/src/MTXClient.m
@@ -98,14 +98,21 @@ validateHomeserver(OFURL *homeserver)
 OFString *userID = response[@"user_id"];
 OFString *deviceID = response[@"device_id"];
 OFString *accessToken = response[@"access_token"];
- if (userID == nil || deviceID == nil ||
- accessToken == nil) {
+ if (![userID isKindOfClass: OFString.class] ||
+ ![deviceID isKindOfClass: OFString.class] ||
+ ![accessToken isKindOfClass: OFString.class]) {
 block(nil, [OFInvalidServerReplyException exception]);
 return;
 }
 OFString *baseURL = response[@"well_known"][@"m.homeserver"][@"base_url"];
+ if (baseURL != nil &&
+ ![baseURL isKindOfClass: OFString.class]) {
+ block(nil, [OFInvalidServerReplyException exception]);
+ return;
+ }
+
 OFURL *realHomeserver;
 if (baseURL != nil) {
 @try {
@@ -218,7 +225,7 @@ validateHomeserver(OFURL *homeserver)
 return;
 }
- if (statusCode != 200 || response[@"joined_rooms"] == nil) {
+ if (statusCode != 200) {
 block(nil, [MTXFetchRoomListFailedException exceptionWithClient: self statusCode: statusCode
@@ -226,6 +233,19 @@ validateHomeserver(OFURL *homeserver)
 return;
 }
+ OFArray *joinedRooms = response[@"joined_rooms"];
+ if (![joinedRooms isKindOfClass: OFArray.class]) {
+ block(nil, [OFInvalidServerReplyException exception]);
+ return;
+ }
+ for (OFString *room in joinedRooms) {
+ if (![room isKindOfClass: OFString.class]) {
+ block(nil,
+ [OFInvalidServerReplyException exception]);
+ return;
+ }
+ }
+
 block(response[@"joined_rooms"], nil);
 }];
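Review bot: The new `isKindOfClass:` check in the first hunk covers only the leaf of `response[@"well_known"][@"m.homeserver"][@"base_url"]`; the two intermediate lookups in the unchanged line just above it are still subscripted without a type check, so a reply in which `well_known` or `m.homeserver` is a string, array or number would presumably raise on the keyed subscript before the added check is reached. Because the server controls this JSON, each level should be confirmed to be an `OFDictionary` (or absent) before descending, as sketched below. Whether `response` itself is verified to be a dictionary is not visible, since the enclosing block starts and ends outside the hunk.

```objc
OFDictionary *wellKnown = response[@"well_known"];
if (wellKnown != nil &&
    ![wellKnown isKindOfClass: OFDictionary.class]) {
	block(nil, [OFInvalidServerReplyException exception]);
	return;
}

OFDictionary *homeserverInfo = wellKnown[@"m.homeserver"];
if (homeserverInfo != nil &&
    ![homeserverInfo isKindOfClass: OFDictionary.class]) {
	block(nil, [OFInvalidServerReplyException exception]);
	return;
}

OFString *baseURL = homeserverInfo[@"base_url"];
// … unchanged: baseURL type check and OFURL parsing …
```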
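Review bot: The success path at the end of the third hunk still passes `response[@"joined_rooms"]` to the block rather than the `joinedRooms` local that was just validated; passing the local, `block(joinedRooms, nil);`, keeps the checked value and the delivered value the same object and avoids a second lookup. The loop confirms only that each entry is an `OFString`, so any caller that places a room ID into a request path (not visible here) would still need to percent-encode it. The enclosing method starts outside the hunk.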