From cffb8bea9a82b514aec4ec3b479e055298c3c4bb Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 2 Nov 2019 15:27:53 +0100
Subject: mod_dialback: Abort early if request is missing addressing attributes

Prevents traceback from passing nil to nameprep()
---
 plugins/mod_dialback.lua | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'plugins/mod_dialback.lua')

diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua
index eddc3209..dc843498 100644
--- a/plugins/mod_dialback.lua
+++ b/plugins/mod_dialback.lua
@@ -93,6 +93,11 @@ module:hook("stanza/jabber:server:dialback:result", function(event)
 		-- he wants to be identified through dialback
 		-- We need to check the key with the Authoritative server
 		local attr = stanza.attr;
+		if not attr.to or not attr.from then
+			origin.log("debug", "Missing Dialback addressing (from=%q, to=%q)", attr.from, attr.to);
+			origin:close("improper-addressing");
+			return true;
+		end
 		local to, from = nameprep(attr.to), nameprep(attr.from);
 
 		if not hosts[to] then
-- 
cgit v1.2.3


From 5123cae2ff7ce9c0abfb575615779803ae914dde Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 2 Nov 2019 15:40:20 +0100
Subject: mod_dialback: Fix potential traceback in case of missing addressing

Not tested. Assuming nothing good comes from continuing the program flow
after this. The connection should get closed and the event gets aborted
by a traceback anyways.
---
 plugins/mod_dialback.lua | 1 +
 1 file changed, 1 insertion(+)

(limited to 'plugins/mod_dialback.lua')

diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua
index dc843498..f580d948 100644
--- a/plugins/mod_dialback.lua
+++ b/plugins/mod_dialback.lua
@@ -107,6 +107,7 @@ module:hook("stanza/jabber:server:dialback:result", function(event)
 			return true;
 		elseif not from then
 			origin:close("improper-addressing");
+			return true;
 		end
 
 		if dwd and origin.secure then
-- 
cgit v1.2.3