[ice4j] r133 committed - Added support for validation of incoming FINGERPRINT attribtues

ice4j at googlecode.com ice4j at googlecode.com
Sun Apr 25 17:12:59 CEST 2010


Revision: 133
Author: emcho at sip-communicator.org
Date: Sun Apr 25 07:42:55 2010
Log: Added support for validation of incoming FINGERPRINT attribtues
http://code.google.com/p/ice4j/source/detail?r=133

Modified:
  /trunk/src/org/ice4j/attribute/Attribute.java
  /trunk/src/org/ice4j/attribute/AttributeDecoder.java
  /trunk/src/org/ice4j/attribute/FingerprintAttribute.java
  /trunk/src/org/ice4j/message/Message.java

=======================================
--- /trunk/src/org/ice4j/attribute/Attribute.java	Sun Apr 25 07:42:38 2010
+++ /trunk/src/org/ice4j/attribute/Attribute.java	Sun Apr 25 07:42:55 2010
@@ -159,8 +159,8 @@
      }

     /**
-    * Compares two STUN Attributes. Two attributes are considered equal  
when they
-    * have the same type length and value.
+    * Compares two STUN Attributes. Two attributes are considered equal  
when
+    * they have the same type length and value.
      *
      * @param obj the object to compare this attribute with.
      *
@@ -187,7 +187,8 @@
       *
       * @throws StunException if attrubteValue contains invalid data.
       */
-    abstract void decodeAttributeBody(
-                    byte[] attributeValue, char offset, char length)
+    abstract void decodeAttributeBody( byte[] attributeValue,
+                                       char   offset,
+                                       char   length)
          throws StunException;
  }
=======================================
--- /trunk/src/org/ice4j/attribute/AttributeDecoder.java	Sun Apr 25  
07:42:38 2010
+++ /trunk/src/org/ice4j/attribute/AttributeDecoder.java	Sun Apr 25  
07:42:55 2010
@@ -20,16 +20,29 @@
      /**
       * Decodes the specified binary array and returns the corresponding
       * attribute object.
+     *
       * @param bytes the binary array that should be decoded.
       * @param offset the index where the message starts.
       * @param length the number of bytes that the message is long.
+     * @param messageHeadBytes the binary array that contains the all the  
bytes
+     * of the message that brought this attribute up until the beginning  
of the
+     * attribute (at least).
+     * @param messageHeadOffset the start of the container message in the
+     * <tt>messageHeadBytes</tt> array.
+     * @param messageHeadLen the length of the message head in the
+     * <tt>messageHeadBytes</tt> array, up until the beginning of the  
attribute.
+     *
       * @return An object representing the attribute encoded in bytes or  
null if
-     *         the attribute was not recognized.
+     * the attribute was not recognized.
+     *
       * @throws StunException if bytes does is not a valid STUN attribute.
       */
-    public static Attribute decode(byte bytes[],
+    public static Attribute decode(byte[] bytes,
                                     char offset,
-                                   char length)
+                                   char length,
+                                   byte[] messageHeadBytes,
+                                   char messageHeadOffset,
+                                   char messageHeadLen)
          throws StunException
      {
          if(bytes == null || bytes.length < Attribute.HEADER_LENGTH)
@@ -119,9 +132,19 @@

          decodedAttribute.setAttributeType(attributeType);

-        decodedAttribute.decodeAttributeBody(bytes,
+        if (decodedAttribute instanceof ContentDependentAttribute)
+        {
+             
((ContentDependentAttribute)decodedAttribute).decodeAttributeBody(
+                 bytes, (char)(Attribute.HEADER_LENGTH + offset),
+                 attributeLength,
+                 messageHeadBytes, messageHeadOffset, messageHeadLen );
+        }
+        else
+        {
+            decodedAttribute.decodeAttributeBody(bytes,
                          (char)(Attribute.HEADER_LENGTH + offset),
                          attributeLength);
+        }

          return decodedAttribute;
      }
=======================================
--- /trunk/src/org/ice4j/attribute/FingerprintAttribute.java	Sun Apr 25  
07:42:38 2010
+++ /trunk/src/org/ice4j/attribute/FingerprintAttribute.java	Sun Apr 25  
07:42:55 2010
@@ -194,17 +194,30 @@
      }

      /**
-     * Sets this attribute's fields according to attributeValue array.
+     * Sets this attribute's fields according to the message and  
attributeValue
+     * arrays. This method allows the stack to validate the content of  
content
+     * dependent attributes such as the {@link MessageIntegrityAttribute}  
or
+     * the {@link FingerprintAttribute} and hide invalid ones from the
+     * application.
       *
       * @param attributeValue a binary array containing this attribute's  
field
       * values and NOT containing the attribute header.
       * @param offset the position where attribute values begin (most often
       * offset is equal to the index of the first byte after length)
       * @param length the length of the binary array.
+     * @param messageHead the bytes of the message that brought this  
attribute.
+     * @param mhOffset the start of the message that brought this attribute
+     * @param mhLen the length of the message in the messageHead param up  
until
+     * the start of this attribute.
       *
       * @throws StunException if attrubteValue contains invalid data.
       */
-    void decodeAttributeBody(byte[] attributeValue, char offset, char  
length)
+    public void decodeAttributeBody( byte[] attributeValue,
+                                     char offset,
+                                     char length,
+                                     byte[] messageHead,
+                                     char mhOffset,
+                                     char mhLen)
          throws StunException
      {
          if(length != 4)
@@ -216,6 +229,40 @@
              + ((attributeValue[1] << 16) & 0x00ff0000)
              + ((attributeValue[2] << 8)  & 0x0000ff00)
              +  (attributeValue[3]        & 0x000000ff);
+
+        //now check whether the CRC really is what it's supposed to be.
+        //re calculate the check sum
+        CRC32 checksum = new CRC32();
+        checksum.update(messageHead, mhOffset, mhLen);
+
+        long realChecksum = checksum.getValue();
+
+        //CRC failure.
+        if (realChecksum != crc)
+            throw new StunException(StunException.ILLEGAL_ARGUMENT,
+                "An incoming message arrived with a wrong FINGERPRINT "
+                +"attribute value. Will ignore.");
+    }
+
+    /**
+     * Always throws an {@link UnsupportedOperationException} since this
+     * attribute should be decoded through the content specific decode  
method.
+     *
+     * @param attributeValue a binary array containing this attribute's
+     * field values and NOT containing the attribute header.
+     * @param offset the position where attribute values begin (most often
+     * offset is equal to the index of the first byte after length)
+     * @param length the length of the binary array.
+     *
+     * @throws UnsupportedOperationException since we are supposed to  
decode
+     * through the content specific decode method.
+     */
+    void decodeAttributeBody(byte[] attributeValue, char offset, char  
length)
+        throws UnsupportedOperationException
+    {
+        throw new UnsupportedOperationException(
+                        "ContentDependentAttributes should be decoded "
+                        +"through the contend-dependent decode method");
      }
  }

=======================================
--- /trunk/src/org/ice4j/message/Message.java	Sun Apr 25 07:42:38 2010
+++ /trunk/src/org/ice4j/message/Message.java	Sun Apr 25 07:42:55 2010
@@ -567,6 +567,8 @@
          throws StunException
      {
          arrayLen = (char)Math.min(binMessage.length, arrayLen);
+        char initialOffset = offset;
+

          if(binMessage == null || arrayLen - offset < Message.HEADER_LENGTH)
              throw new StunException(StunException.ILLEGAL_ARGUMENT,
@@ -608,9 +610,10 @@

          while(offset - Message.HEADER_LENGTH< length)
          {
-            Attribute att = AttributeDecoder.decode(binMessage,
-                                                    offset,
-                                                    (char)(length -  
offset));
+            Attribute att = AttributeDecoder.decode(
+                binMessage, offset, (char)(length - offset), //attribute
+                binMessage, (char)initialOffset,
+                    (char)(offset - initialOffset)); // message head
              message.addAttribute(att);
              offset += att.getDataLength() + Attribute.HEADER_LENGTH;
          }

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe at sip-communicator.dev.java.net
For additional commands, e-mail: commits-help at sip-communicator.dev.java.net





More information about the commits mailing list