From 47a07875f24d62e6873b100bb3668b9b7938de60 Mon Sep 17 00:00:00 2001 From: Tom Smeding Date: Sat, 27 Feb 2021 17:47:37 +0100 Subject: server: Leak less information in error messages --- command.c | 107 ++++++++++++++++++++++++++++++-------------------------------- 1 file changed, 52 insertions(+), 55 deletions(-) diff --git a/command.c b/command.c index d84c456..70024f5 100644 --- a/command.c +++ b/command.c @@ -29,13 +29,27 @@ struct cmd_retval{ #define RET_MEMZERO ((struct cmd_retval){.socket_close=false,.memzero=true}) #define RET_MEMZERO_CLOSE(close_) ((struct cmd_retval){.socket_close=(close_),.memzero=true}) +#define ERR_VERSION_UNSUPP "Version not supported" +#define ERR_USER_ALREADY_EXISTS "Username already exists" +#define ERR_INVALID_CREDS "Invalid credentials" +#define ERR_NOLOGIN "Not logged in" +#define ERR_NOROOM "Room not found" +#define ERR_NOUSER "User not found" +#define ERR_USER_ALREADY_IN_ROOM "User already in that room" +#define ERR_MSG_TOO_LONG "Message too long" +#define ERR_NOMSG "Message not found" +#define ERR_NOREPLYMSG "Replied-to message not found" +#define ERR_REPLYMSG_TIMETRAVEL "Replied-to message later than target timestamp" +#define ERR_SENDAT_UNAVAIL_3 "sendat unavailable in protocol version 3" +#define ERR_SENDAT_FORBIDDEN "sendat not allowed" + static struct cmd_retval cmd_version(struct conn_data *data,const char *tag,const char **args){ i64 version; if (!parse_i64(args[0], &version) || version < MIN_SUPPORTED_PROTOCOL_VERSION || version > PROTOCOL_VERSION) { data->protversion = -1; - net_send_error(data->fd, tag, "Version not supported"); + net_send_error(data->fd, tag, ERR_VERSION_UNSUPP); return RET_OK; } @@ -48,7 +62,7 @@ static struct cmd_retval cmd_version(struct conn_data *data,const char *tag,cons static struct cmd_retval cmd_register(struct conn_data *data,const char *tag,const char **args){ i64 userid=db_find_user(args[0]); if(userid!=-1){ - net_send_error(data->fd,tag,"Username already exists"); + net_send_error(data->fd,tag,ERR_USER_ALREADY_EXISTS); return RET_OK; } db_create_user(args[0],args[1]); @@ -63,7 +77,7 @@ static struct cmd_retval cmd_login(struct conn_data *data,const char *tag,const i64 userid=db_find_user(args[0]); if(userid==-1){ - net_send_error(data->fd,tag,"User not found"); + net_send_error(data->fd,tag,ERR_INVALID_CREDS); if(data->userid!=-1){ userdata_unregister(data->userid,data->fd); broadcast_online_change(data->userid); @@ -82,7 +96,7 @@ static struct cmd_retval cmd_login(struct conn_data *data,const char *tag,const broadcast_online_change(userid); } else { data->userid=-1; - net_send_error(data->fd,tag,"Incorrect password"); + net_send_error(data->fd,tag,ERR_INVALID_CREDS); } } return RET_MEMZERO; @@ -106,7 +120,7 @@ static struct cmd_retval cmd_change_password(struct conn_data *data, const char // to see that we indeed return MEMZERO. if (data->userid == -1) { - net_send_error(data->fd, tag, "Not logged in"); + net_send_error(data->fd, tag, ERR_NOLOGIN); } else { db_set_pass(data->userid, args[0]); net_send_ok(data->fd, tag); @@ -117,7 +131,7 @@ static struct cmd_retval cmd_change_password(struct conn_data *data, const char static struct cmd_retval cmd_list_rooms(struct conn_data *data,const char *tag,const char **args){ (void)args; if(data->userid==-1){ - net_send_error(data->fd,tag,"Not logged in"); + net_send_error(data->fd,tag,ERR_NOLOGIN); return RET_OK; } struct db_room_list rl=db_list_rooms(data->userid); @@ -136,16 +150,12 @@ static struct cmd_retval cmd_list_rooms(struct conn_data *data,const char *tag,c static struct cmd_retval cmd_list_members(struct conn_data *data,const char *tag,const char **args){ if(data->userid==-1){ - net_send_error(data->fd,tag,"Not logged in"); + net_send_error(data->fd,tag,ERR_NOLOGIN); return RET_OK; } i64 roomid=db_find_room(args[0]); - if(roomid==-1){ - net_send_error(data->fd,tag,"Room not found"); - return RET_OK; - } - if(!db_is_member(roomid,data->userid)){ - net_send_error(data->fd,tag,"Not in that room"); + if(roomid==-1||!db_is_member(roomid,data->userid)){ + net_send_error(data->fd,tag,ERR_NOROOM); return RET_OK; } @@ -166,7 +176,7 @@ static struct cmd_retval cmd_list_members(struct conn_data *data,const char *tag static struct cmd_retval cmd_create_room(struct conn_data *data,const char *tag,const char **args){ (void)args; if (data->userid == -1) { - net_send_error(data->fd, tag, "Not logged in"); + net_send_error(data->fd, tag, ERR_NOLOGIN); return RET_OK; } userdata_mark_active(data->userid, data->fd, true); @@ -197,7 +207,7 @@ static struct cmd_retval cmd_create_room(struct conn_data *data,const char *tag, static struct cmd_retval cmd_leave_room(struct conn_data *data,const char *tag,const char **args){ (void)args; if (data->userid == -1) { - net_send_error(data->fd, tag, "Not logged in"); + net_send_error(data->fd, tag, ERR_NOLOGIN); return RET_OK; } userdata_mark_active(data->userid, data->fd, true); @@ -206,12 +216,12 @@ static struct cmd_retval cmd_leave_room(struct conn_data *data,const char *tag,c i64 roomid = db_find_room(roomname); if (roomid == -1) { - net_send_error(data->fd, tag, "Room not found"); + net_send_error(data->fd, tag, ERR_NOROOM); return RET_OK; } if (!db_remove_member(roomid, data->userid)) { - net_send_error(data->fd, tag, "Not in that room"); + net_send_error(data->fd, tag, ERR_NOROOM); return RET_OK; } @@ -247,29 +257,24 @@ static struct cmd_retval cmd_leave_room(struct conn_data *data,const char *tag,c static struct cmd_retval cmd_invite(struct conn_data *data,const char *tag,const char **args){ if(data->userid==-1){ - net_send_error(data->fd,tag,"Not logged in"); + net_send_error(data->fd,tag,ERR_NOLOGIN); return RET_OK; } userdata_mark_active(data->userid,data->fd,true); const char *roomname=args[0]; i64 roomid=db_find_room(roomname); - if(roomid==-1){ - net_send_error(data->fd,tag,"Room not found"); + if(roomid==-1||!db_is_member(roomid,data->userid)){ + net_send_error(data->fd,tag,ERR_NOROOM); return RET_OK; } i64 user2=db_find_user(args[1]); if(user2==-1){ - net_send_error(data->fd,tag,"User not found"); - return RET_OK; - } - - if(!db_is_member(roomid,data->userid)){ - net_send_error(data->fd,tag,"Not in that room"); + net_send_error(data->fd,tag,ERR_NOUSER); return RET_OK; } if(db_is_member(roomid,user2)){ - net_send_error(data->fd,tag,"User already in that room"); + net_send_error(data->fd,tag,ERR_USER_ALREADY_IN_ROOM); return RET_OK; } @@ -315,7 +320,7 @@ static struct cmd_retval send_impl( const char *roomname,const char *replyidstr,const char *message, i64 timestamp,bool check_reply_earlier){ if(strlen(message)>MAX_MESSAGE_LEN){ - net_send_error(data->fd,tag,"Message too long"); + net_send_error(data->fd,tag,ERR_MSG_TOO_LONG); return RET_OK; } @@ -327,12 +332,8 @@ static struct cmd_retval send_impl( } const i64 roomid=db_find_room(roomname); - if(roomid==-1){ - net_send_error(data->fd,tag,"Room not found"); - return RET_OK; - } - if(!db_is_member(roomid,data->userid)){ - net_send_error(data->fd,tag,"Not in that room"); + if(roomid==-1||!db_is_member(roomid,data->userid)){ + net_send_error(data->fd,tag,ERR_NOROOM); return RET_OK; } @@ -340,10 +341,10 @@ static struct cmd_retval send_impl( const struct db_message msg=db_get_message(replyid); bool error_sent=false; if(msg.msgid==-1){ - net_send_error(data->fd,tag,"Replied-to message not found"); + net_send_error(data->fd,tag,ERR_NOREPLYMSG); error_sent=true; } else if(check_reply_earlier&&msg.timestamp>=timestamp){ - net_send_error(data->fd,tag,"Replied-to message later than target timestamp"); + net_send_error(data->fd,tag,ERR_REPLYMSG_TIMETRAVEL); error_sent=true; } db_nullify_message(msg); @@ -383,7 +384,7 @@ static struct cmd_retval send_impl( static struct cmd_retval cmd_send(struct conn_data *data, const char *tag, const char **args){ if (data->userid == -1) { - net_send_error(data->fd, tag, "Not logged in"); + net_send_error(data->fd, tag, ERR_NOLOGIN); return RET_OK; } userdata_mark_active(data->userid, data->fd, true); @@ -397,12 +398,12 @@ static struct cmd_retval cmd_send(struct conn_data *data, const char *tag, const static struct cmd_retval cmd_sendat(struct conn_data *data, const char *tag, const char **args){ if (data->userid == -1) { - net_send_error(data->fd, tag, "Not logged in"); + net_send_error(data->fd, tag, ERR_NOLOGIN); return RET_OK; } if (data->protversion < 4) { - net_send_error(data->fd, tag, "sendat unavailable in protocol version 3"); + net_send_error(data->fd, tag, ERR_SENDAT_UNAVAIL_3); return RET_OK; } @@ -413,7 +414,7 @@ static struct cmd_retval cmd_sendat(struct conn_data *data, const char *tag, con const char *message = args[4]; if (!config_check_apikey(apikey).sendat) { - net_send_error(data->fd, tag, "sendat not allowed"); + net_send_error(data->fd, tag, ERR_SENDAT_FORBIDDEN); return RET_OK; } @@ -438,17 +439,13 @@ static struct cmd_retval history_cmd_helper( } if(data->userid==-1){ - net_send_error(data->fd,tag,"Not logged in"); + net_send_error(data->fd,tag,ERR_NOLOGIN); return RET_OK; } const char *roomname=args[0]; i64 roomid=db_find_room(roomname); - if(roomid==-1){ - net_send_error(data->fd,tag,"Room not found"); - return RET_OK; - } - if(!db_is_member(roomid,data->userid)){ - net_send_error(data->fd,tag,"Not in that room"); + if(roomid==-1||!db_is_member(roomid,data->userid)){ + net_send_error(data->fd,tag,ERR_NOROOM); return RET_OK; } @@ -503,20 +500,20 @@ static struct cmd_retval cmd_get_message(struct conn_data *data, const char *tag } if (data->userid == -1) { - net_send_error(data->fd, tag, "Not logged in"); + net_send_error(data->fd, tag, ERR_NOLOGIN); return RET_OK; } struct db_message msg = db_get_message(msgid); if (msg.msgid == -1) { - net_send_error(data->fd, tag, "Message not found"); + net_send_error(data->fd, tag, ERR_NOMSG); return RET_OK; } if (!db_is_member(msg.roomid, data->userid)) { db_nullify_message(msg); // Don't disclose that the message actually exists elsewhere - net_send_error(data->fd, tag, "Message not found"); + net_send_error(data->fd, tag, ERR_NOMSG); return RET_OK; } @@ -543,13 +540,13 @@ static struct cmd_retval cmd_ping(struct conn_data *data,const char *tag,const c static struct cmd_retval cmd_is_online(struct conn_data *data,const char *tag,const char **args){ if (data->userid == -1) { - net_send_error(data->fd, tag, "Not logged in"); + net_send_error(data->fd, tag, ERR_NOLOGIN); return RET_OK; } i64 userid2 = db_find_user(args[0]); if (userid2 == -1 || !db_user_knows_user(data->userid, userid2)) { - net_send_error(data->fd, tag, "User not found"); + net_send_error(data->fd, tag, ERR_NOUSER); return RET_OK; } i64 nfds; @@ -559,7 +556,7 @@ static struct cmd_retval cmd_is_online(struct conn_data *data,const char *tag,co static struct cmd_retval cmd_firebase_token(struct conn_data *data,const char *tag,const char **args){ if(data->userid==-1){ - net_send_error(data->fd,tag,"Not logged in"); + net_send_error(data->fd,tag,ERR_NOLOGIN); return RET_OK; } db_add_token(data->userid,args[0]); @@ -568,7 +565,7 @@ static struct cmd_retval cmd_firebase_token(struct conn_data *data,const char *t static struct cmd_retval cmd_delete_firebase_token(struct conn_data *data,const char *tag,const char **args){ if(data->userid==-1){ - net_send_error(data->fd,tag,"Not logged in"); + net_send_error(data->fd,tag,ERR_NOLOGIN); return RET_OK; } db_delete_token(data->userid,args[0]); @@ -577,7 +574,7 @@ static struct cmd_retval cmd_delete_firebase_token(struct conn_data *data,const static struct cmd_retval cmd_user_active(struct conn_data *data,const char *tag,const char **args){ if(data->userid==-1){ - net_send_error(data->fd,tag,"Not logged in"); + net_send_error(data->fd,tag,ERR_NOLOGIN); return RET_OK; } i64 active; -- cgit v1.2.3