authorWaqas Hussain <waqas20@gmail.com>2008-10-08 20:37:16 +0500
committerWaqas Hussain <waqas20@gmail.com>2008-10-08 20:37:16 +0500
commit2afc5cdef025c308f74adf824e3fe033ae731587 (patch)
tree3b2a340aca4a5de19ad091bf0ef755ea5924a632
parente00ee968306da54370d5c86ac871e0d8f5456305 (diff)
downloadprosody-2afc5cdef025c308f74adf824e3fe033ae731587.tar.gz
prosody-2afc5cdef025c308f74adf824e3fe033ae731587.zip
Fixed: Added check to ensure that resource binding is done after auth.
-rw-r--r--core/stanza_router.lua7
1 files changed, 7 insertions, 0 deletions
diff --git a/core/stanza_router.lua b/core/stanza_router.lua
index e5603cae..02e0871f 100644
--- a/core/stanza_router.lua
+++ b/core/stanza_router.lua
@@ -16,6 +16,13 @@ local jid_split = jid.split;
function core_process_stanza(origin, stanza)
log("debug", "Received: "..tostring(stanza))
-- TODO verify validity of stanza (as well as JID validity)
+
+ if origin.type == "c2s" and not origin.full_jid
+ and not(stanza.name == "iq" and stanza.tags[1] and stanza.tags[1].name == "bind"
+ and stanza.tags[1].attr.xmlns == "urn:ietf:params:xml:ns:xmpp-bind") then
+ error("Client MUST bind resource after auth");
+ end
+
local to = stanza.attr.to;
stanza.attr.from = origin.full_jid -- quick fix to prevent impersonation
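Review bot: The new guard in core_process_stanza rejects an unbound client's stanza by calling `error("Client MUST bind resource after auth")`, so input from a remote client raises a Lua error on the routing path; unless every caller wraps this in pcall (not visible here), one early stanza could abort processing beyond that single session. Treat it as an expected protocol violation instead, for example `log("warn", "c2s stanza before resource bind, dropping"); return;`, or answer with a stanza or stream error if a helper for that is in scope. Also, `not origin.full_jid` is equally true before authentication, so the exemption lets a bind `iq` through on a session that has not authenticated, and the same test would reject authentication stanzas if they are routed through this function; the condition should also test whatever marks the session as authenticated. The function body continues outside the hunk.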