aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2018-05-25 21:09:34 +0200
committerKim Alvefur <zash@zash.se>2018-05-25 21:09:34 +0200
commitbd0478207739d4f7e6ea8db92d3d1b667187a7db (patch)
treeeb79ef1a95d4713f5ffddf68d2ea6361e2bb4d5a
parentaabbeba1420f9e74eb8d690c3354551d1ade391a (diff)
downloadprosody-vault/0.9.14.tar.gz
prosody-vault/0.9.14.zip
mod_c2s: Do not allow the stream 'to' to change across stream restarts (fixes #1147)vault/0.9.14
-rw-r--r--plugins/mod_c2s.lua11
1 files changed, 9 insertions, 2 deletions
diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua
index fdb3b211..2848f92f 100644
--- a/plugins/mod_c2s.lua
+++ b/plugins/mod_c2s.lua
@@ -40,12 +40,19 @@ local default_stream_attr = { ["xmlns:stream"] = "http://etherx.jabber.org/strea
function stream_callbacks.streamopened(session, attr)
local send = session.send;
- session.host = nameprep(attr.to);
- if not session.host then
+ local host = nameprep(attr.to);
+ if not host then
session:close{ condition = "improper-addressing",
text = "A valid 'to' attribute is required on stream headers" };
return;
end
+ if not session.host then
+ session.host = host;
+ elseif session.host ~= host then
+ session:close{ condition = "not-authorized",
+ text = "The 'to' attribute must remain the same across stream restarts" };
+ return;
+ end
session.version = tonumber(attr.version) or 0;
session.streamid = uuid_generate();
(session.log or session)("debug", "Client sent opening <stream:stream> to %s", session.host);