More validation of server responses

FossilOrigin-Name: 71e1a46c8f9d7dbfa9a5fe55fbdb37778b928491105a4c901e768699617ef090
2020-10-03 17:20:34 +00:00 · 2020-10-03 17:20:34 +00:00 · c4a1bd7932
commit c4a1bd7932
parent c7fc35fb0f
1 changed files with 23 additions and 3 deletions
--- a/src/MTXClient.m
+++ b/src/MTXClient.m
@ -98,14 +98,21 @@ validateHomeserver(OFURL *homeserver)
 		OFString *userID = response[@"user_id"];
 		OFString *deviceID = response[@"device_id"];
 		OFString *accessToken = response[@"access_token"];
-		if (userID == nil || deviceID == nil ||
-		    accessToken == nil) {
+		if (![userID isKindOfClass: OFString.class] ||
+		    ![deviceID isKindOfClass: OFString.class] ||
+		    ![accessToken isKindOfClass: OFString.class]) {
 			block(nil, [OFInvalidServerReplyException exception]);
 			return;
 		}

 		OFString *baseURL =
 		    response[@"well_known"][@"m.homeserver"][@"base_url"];
+		if (baseURL != nil &&
+		    ![baseURL isKindOfClass: OFString.class]) {
+			block(nil, [OFInvalidServerReplyException exception]);
+			return;
+		}
+
 		OFURL *realHomeserver;
 		if (baseURL != nil) {
 			@try {
@ -218,7 +225,7 @@ validateHomeserver(OFURL *homeserver)
 			return;
 		}

-		if (statusCode != 200 || response[@"joined_rooms"] == nil) {
+		if (statusCode != 200) {
 			block(nil, [MTXFetchRoomListFailedException
 			    exceptionWithClient: self
 				     statusCode: statusCode
@ -226,6 +233,19 @@ validateHomeserver(OFURL *homeserver)
 			return;
 		}

+		OFArray<OFString *> *joinedRooms = response[@"joined_rooms"];
+		if (![joinedRooms isKindOfClass: OFArray.class]) {
+			block(nil, [OFInvalidServerReplyException exception]);
+			return;
+		}
+		for (OFString *room in joinedRooms) {
+			if (![room isKindOfClass: OFString.class]) {
+				block(nil,
+				    [OFInvalidServerReplyException exception]);
+				return;
+			}
+		}
+
 		block(response[@"joined_rooms"], nil);
 	}];