From 44decd6ac1168d8fce36958817f7c1e4b31b9d4b Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Fri, 25 May 2018 21:09:34 +0200
Subject: mod_c2s: Do not allow the stream 'to' to change across stream restarts (fixes #1147)
---
 plugins/mod_c2s.lua | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua
index fdb3b211..2848f92f 100644
--- a/plugins/mod_c2s.lua
+++ b/plugins/mod_c2s.lua
@@ -40,12 +40,19 @@ local default_stream_attr = { ["xmlns:stream"] = "http://etherx.jabber.org/strea

 function stream_callbacks.streamopened(session, attr)
 local send = session.send;
- session.host = nameprep(attr.to);
- if not session.host then
+ local host = nameprep(attr.to);
+ if not host then
 session:close{ condition = "improper-addressing",
 text = "A valid 'to' attribute is required on stream headers" };
 return;
 end
+ if not session.host then
+ session.host = host;
+ elseif session.host ~= host then
+ session:close{ condition = "not-authorized",
+ text = "The 'to' attribute must remain the same across stream restarts" };
+ return;
+ end
 session.version = tonumber(attr.version) or 0;
 session.streamid = uuid_generate();
 (session.log or session)("debug", "Client sent opening to %s", session.host);
-- 
cgit v1.2.3
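Review bot: The new `elseif session.host ~= host` branch closes the stream without logging anything, so an attempt to switch hosts on a stream restart is not visible to operators unless `session:close` happens to log it (not shown in this hunk); the only log call here is the debug line on the success path. Since this is the security-relevant rejection, I would log it before closing, e.g. `(session.log or session)("warn", "Stream 'to' changed from %s to %s on restart", session.host, host);`. A short comment above the check, such as `-- the host is fixed by the first stream header; later restarts must not rebind the session to another host`, would also keep it from being simplified back to a plain assignment. The body of `streamopened` continues past the end of the hunk, and whether other stream-open handlers have the same assignment is not visible here.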