comparison plugins/mod_s2s.lua @ 14152:fed0dd8dda09 0.12

mod_c2s,mod_s2s: Introduce separate pre-authentication stanza size limit This should prevent unauthenticated resource use via the XML parser.
author Kim Alvefur <zash@zash.se>
date Tue, 07 Apr 2026 20:35:41 +0200
parents d5f322dd424b
children 363a79f54109
comparison
equal deleted inserted replaced
13636:1ef39ce837be 14152:fed0dd8dda09
39 local opt_keepalives = module:get_option_boolean("s2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true)); 39 local opt_keepalives = module:get_option_boolean("s2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true));
40 local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day... 40 local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day...
41 local secure_domains, insecure_domains = 41 local secure_domains, insecure_domains =
42 module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items; 42 module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items;
43 local require_encryption = module:get_option_boolean("s2s_require_encryption", true); 43 local require_encryption = module:get_option_boolean("s2s_require_encryption", true);
44 local stanza_size_limit = module:get_option_number("s2s_stanza_size_limit", 1024*512); 44 local unauthed_stanza_size_limit = module:get_option_number("s2s_unauthed_stanza_size_limit", 10000, 1000);
45 local authed_stanza_size_limit = module:get_option_number("s2s_stanza_size_limit", 1024*512, 10000);
45 46
46 local measure_connections_inbound = module:metric( 47 local measure_connections_inbound = module:metric(
47 "gauge", "connections_inbound", "", 48 "gauge", "connections_inbound", "",
48 "Established incoming s2s connections", 49 "Established incoming s2s connections",
49 {"host", "type", "ip_family"} 50 {"host", "type", "ip_family"}
211 local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza; 212 local from_host, to_host, stanza = event.from_host, event.to_host, event.stanza;
212 log("debug", "opening a new outgoing connection for this stanza"); 213 log("debug", "opening a new outgoing connection for this stanza");
213 local host_session = s2s_new_outgoing(from_host, to_host); 214 local host_session = s2s_new_outgoing(from_host, to_host);
214 host_session.version = 1; 215 host_session.version = 1;
215 216
217 host_session.stanza_size_limit = unauthed_stanza_size_limit;
218
216 -- Store in buffer 219 -- Store in buffer
217 host_session.bounce_sendq = bounce_sendq; 220 host_session.bounce_sendq = bounce_sendq;
218 host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} }; 221 host_session.sendq = { {tostring(stanza), stanza.attr.type ~= "error" and stanza.attr.type ~= "result" and st.reply(stanza)} };
219 log("debug", "stanza [%s] queued until connection complete", stanza.name); 222 log("debug", "stanza [%s] queued until connection complete", stanza.name);
220 -- FIXME Cleaner solution to passing extra data from resolvers to net.server 223 -- FIXME Cleaner solution to passing extra data from resolvers to net.server
370 elseif session.type == "s2sin_unauthed" then 373 elseif session.type == "s2sin_unauthed" then
371 session.type = "s2sin"; 374 session.type = "s2sin";
372 elseif session.type ~= "s2sin" and session.type ~= "s2sout" then 375 elseif session.type ~= "s2sin" and session.type ~= "s2sout" then
373 return false; 376 return false;
374 end 377 end
378
379 session.stanza_size_limit = authed_stanza_size_limit;
380 session.stream:set_stanza_size_limit(session.stanza_size_limit);
375 381
376 if session.incoming and host then 382 if session.incoming and host then
377 if not session.hosts[host] then session.hosts[host] = {}; end 383 if not session.hosts[host] then session.hosts[host] = {}; end
378 session.hosts[host].authed = true; 384 session.hosts[host].authed = true;
379 end 385 end
728 end 734 end
729 end 735 end
730 736
731 -- Session initialization logic shared by incoming and outgoing 737 -- Session initialization logic shared by incoming and outgoing
732 local function initialize_session(session) 738 local function initialize_session(session)
733 local stream = new_xmpp_stream(session, stream_callbacks, stanza_size_limit); 739 local stream = new_xmpp_stream(session, stream_callbacks, session.stanza_size_limit or unauthed_stanza_size_limit);
734 740
735 session.thread = runner(function (stanza) 741 session.thread = runner(function (stanza)
736 if st.is_stanza(stanza) then 742 if st.is_stanza(stanza) then
737 core_process_stanza(session, stanza); 743 core_process_stanza(session, stanza);
738 elseif stanza.stream == "opened" then 744 elseif stanza.stream == "opened" then