diff options
author | Kim Alvefur <zash@zash.se> | 2018-05-25 21:09:34 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2018-05-25 21:09:34 +0200 |
commit | aa10a644c892489dd7e1612fd0540055597cada3 (patch) | |
tree | eb79ef1a95d4713f5ffddf68d2ea6361e2bb4d5a | |
parent | 6a404592eb7e429baf8cf14bc77455d9b3063a93 (diff) | |
download | prosody-aa10a644c892489dd7e1612fd0540055597cada3.tar.gz prosody-aa10a644c892489dd7e1612fd0540055597cada3.zip |
mod_c2s: Do not allow the stream 'to' to change across stream restarts (fixes #1147)
-rw-r--r-- | plugins/mod_c2s.lua | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua index fdb3b211..2848f92f 100644 --- a/plugins/mod_c2s.lua +++ b/plugins/mod_c2s.lua @@ -40,12 +40,19 @@ local default_stream_attr = { ["xmlns:stream"] = "http://etherx.jabber.org/strea function stream_callbacks.streamopened(session, attr) local send = session.send; - session.host = nameprep(attr.to); - if not session.host then + local host = nameprep(attr.to); + if not host then session:close{ condition = "improper-addressing", text = "A valid 'to' attribute is required on stream headers" }; return; end + if not session.host then + session.host = host; + elseif session.host ~= host then + session:close{ condition = "not-authorized", + text = "The 'to' attribute must remain the same across stream restarts" }; + return; + end session.version = tonumber(attr.version) or 0; session.streamid = uuid_generate(); (session.log or session)("debug", "Client sent opening <stream:stream> to %s", session.host); |