From c66adb1b89d584c2ca07579c81e54043a3193a18 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 15:27:53 +0100 Subject: mod_dialback: Abort early if request is missing addressing attributes Prevents traceback from passing nil to nameprep() --- plugins/mod_dialback.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'plugins/mod_dialback.lua') diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua index eddc3209..dc843498 100644 --- a/plugins/mod_dialback.lua +++ b/plugins/mod_dialback.lua @@ -93,6 +93,11 @@ module:hook("stanza/jabber:server:dialback:result", function(event) -- he wants to be identified through dialback -- We need to check the key with the Authoritative server local attr = stanza.attr; + if not attr.to or not attr.from then + origin.log("debug", "Missing Dialback addressing (from=%q, to=%q)", attr.from, attr.to); + origin:close("improper-addressing"); + return true; + end local to, from = nameprep(attr.to), nameprep(attr.from); if not hosts[to] then -- cgit v1.2.3 From fd7ac7b72e6337637c7d02ab5858067357be542d Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 15:40:20 +0100 Subject: mod_dialback: Fix potential traceback in case of missing addressing Not tested. Assuming nothing good comes from continuing the program flow after this. The connection should get closed and the event gets aborted by a traceback anyways. --- plugins/mod_dialback.lua | 1 + 1 file changed, 1 insertion(+) (limited to 'plugins/mod_dialback.lua') diff --git a/plugins/mod_dialback.lua b/plugins/mod_dialback.lua index dc843498..f580d948 100644 --- a/plugins/mod_dialback.lua +++ b/plugins/mod_dialback.lua @@ -107,6 +107,7 @@ module:hook("stanza/jabber:server:dialback:result", function(event) return true; elseif not from then origin:close("improper-addressing"); + return true; end if dwd and origin.secure then -- cgit v1.2.3