aboutsummaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2019-10-20 14:54:57 +0200
committerKim Alvefur <zash@zash.se>2019-10-20 14:54:57 +0200
commit21b0efc6ad3d7b757bebc45330ca9e40dcc158b2 (patch)
tree744392cee8bea1b345b6c90ec44c4ce730148607 /plugins
parent4d28443876e2122d89bf41a2e57b34a6d1d4e813 (diff)
downloadprosody-21b0efc6ad3d7b757bebc45330ca9e40dcc158b2.tar.gz
prosody-21b0efc6ad3d7b757bebc45330ca9e40dcc158b2.zip
MUC: Validate registration dataform more carefully
Diffstat (limited to 'plugins')
-rw-r--r--plugins/muc/register.lib.lua14
1 files changed, 13 insertions, 1 deletions
diff --git a/plugins/muc/register.lib.lua b/plugins/muc/register.lib.lua
index da106f8c..cfbdfb59 100644
--- a/plugins/muc/register.lib.lua
+++ b/plugins/muc/register.lib.lua
@@ -136,7 +136,19 @@ local function handle_register_iq(room, origin, stanza)
return true;
end
local form_tag = query:get_child("x", "jabber:x:data");
- local reg_data = form_tag and registration_form:data(form_tag);
+ if not form_tag then
+ origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing dataform"));
+ return true;
+ end
+ local form_type, err = dataforms.get_type(form_tag);
+ if not form_type then
+ origin.send(st.error_reply(stanza, "modify", "bad-request", "Error with form: "..err));
+ return true;
+ elseif form_type ~= "http://jabber.org/protocol/muc#register" then
+ origin.send(st.error_reply(stanza, "modify", "bad-request", "Error in form"));
+ return true;
+ end
+ local reg_data = registration_form:data(form_tag);
if not reg_data then
origin.send(st.error_reply(stanza, "modify", "bad-request", "Error in form"));
return true;