aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2010-07-03 03:23:25 +0100
committerMatthew Wild <mwild1@gmail.com>2010-07-03 03:23:25 +0100
commitafd2f3da8a34282e02e744cd1b13c62e66d613ae (patch)
tree3d4141d496c5e1212b96442169f47b31ae5106ab
parent423ad6b5d1e075b11b8cb7d10703a2ba07ef306b (diff)
downloadprosody-afd2f3da8a34282e02e744cd1b13c62e66d613ae.tar.gz
prosody-afd2f3da8a34282e02e744cd1b13c62e66d613ae.zip
xmppcomponent_listener: Validate to/from on components, fixes #104 and #162
-rw-r--r--net/xmppcomponent_listener.lua21
1 files changed, 21 insertions, 0 deletions
diff --git a/net/xmppcomponent_listener.lua b/net/xmppcomponent_listener.lua
index b87f7c96..2d6d7de8 100644
--- a/net/xmppcomponent_listener.lua
+++ b/net/xmppcomponent_listener.lua
@@ -99,6 +99,27 @@ function stream_callbacks.handlestanza(session, stanza)
if not stanza.attr.xmlns and stanza.name == "handshake" then
stanza.attr.xmlns = xmlns_component;
end
+ local from = stanza.attr.from;
+ if from then
+ if session.component_validate_from then
+ local _, domain = jid_split(stanza.attr.from);
+ if domain ~= session.host then
+ -- Return error
+ session:close{
+ condition = "invalid-from";
+ text = "Component tried to send from address <"..tostring(from)
+ .."> which is not in domain <"..tostring(session.host)..">";
+ };
+ return;
+ end
+ end
+ else
+ stanza.attr.from = session.host;
+ end
+ if not stanza.attr.to then
+ session.send(st.error_reply(stanza, "modify", "bad-request", "Components MUST specify a 'to' address on stanzas"));
+ return;
+ end
return core_process_stanza(session, stanza);
end