diff options
| author | Waqas Hussain <waqas20@gmail.com> | 2008-10-08 20:37:16 +0500 |
|---|---|---|
| committer | Waqas Hussain <waqas20@gmail.com> | 2008-10-08 20:37:16 +0500 |
| commit | 2afc5cdef025c308f74adf824e3fe033ae731587 (patch) | |
| tree | 3b2a340aca4a5de19ad091bf0ef755ea5924a632 | |
| parent | e00ee968306da54370d5c86ac871e0d8f5456305 (diff) | |
| download | prosody-2afc5cdef025c308f74adf824e3fe033ae731587.tar.gz prosody-2afc5cdef025c308f74adf824e3fe033ae731587.zip | |
Fized: Added check to ensure that resource binding is done after auth.
| -rw-r--r-- | core/stanza_router.lua | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/core/stanza_router.lua b/core/stanza_router.lua index e5603cae..02e0871f 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -16,6 +16,13 @@ local jid_split = jid.split; function core_process_stanza(origin, stanza) log("debug", "Received: "..tostring(stanza)) -- TODO verify validity of stanza (as well as JID validity) + + if origin.type == "c2s" and not origin.full_jid + and not(stanza.name == "iq" and stanza.tags[1] and stanza.tags[1].name == "bind" + and stanza.tags[1].attr.xmlns == "urn:ietf:params:xml:ns:xmpp-bind") then + error("Client MUST bind resource after auth"); + end + local to = stanza.attr.to; stanza.attr.from = origin.full_jid -- quick fix to prevent impersonation |