Index: remoting/protocol/me2me_host_authenticator_factory.cc |
=================================================================== |
--- remoting/protocol/me2me_host_authenticator_factory.cc (revision 138222) |
+++ remoting/protocol/me2me_host_authenticator_factory.cc (working copy) |
@@ -58,30 +58,34 @@ |
} // namespace |
Me2MeHostAuthenticatorFactory::Me2MeHostAuthenticatorFactory( |
- const std::string& local_jid, |
const std::string& local_cert, |
const crypto::RSAPrivateKey& local_private_key, |
const SharedSecretHash& shared_secret_hash) |
: local_cert_(local_cert), |
local_private_key_(local_private_key.Copy()), |
shared_secret_hash_(shared_secret_hash) { |
- // Verify that |local_jid| is bare. |
- DCHECK_EQ(local_jid.find('/'), std::string::npos); |
- local_jid_prefix_ = local_jid + '/'; |
} |
Me2MeHostAuthenticatorFactory::~Me2MeHostAuthenticatorFactory() { |
} |
scoped_ptr<Authenticator> Me2MeHostAuthenticatorFactory::CreateAuthenticator( |
+ const std::string& local_jid, |
const std::string& remote_jid, |
const buzz::XmlElement* first_message) { |
+ |
+ size_t slash_pos = local_jid.find('/'); |
+ if (slash_pos == std::string::npos) { |
+ LOG(DFATAL) << "Invalid local JID:" << local_jid; |
+ return scoped_ptr<Authenticator>(new RejectingAuthenticator()); |
+ } |
+ |
// Verify that the client's jid is an ASCII string, and then check |
// that the client has the same bare jid as the host, i.e. client's |
// full JID starts with host's bare jid. Comparison is case |
// insensitive. |
if (!IsStringASCII(remote_jid) || |
- !StartsWithASCII(remote_jid, local_jid_prefix_, false)) { |
+ !StartsWithASCII(remote_jid, local_jid.substr(0, slash_pos + 1), false)) { |
LOG(ERROR) << "Rejecting incoming connection from " << remote_jid; |
return scoped_ptr<Authenticator>(new RejectingAuthenticator()); |
} |