From 8f2b039615bc244e91527fb690250626f3c18159 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 3 Oct 2020 14:59:11 +0200 Subject: mod_bosh: Pick out the 'wait' before checking it instead of earlier Going to add more host related checks, so to keep the wait variable closer to the related checks --- plugins/mod_bosh.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index d4701148..7f750613 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -269,7 +269,6 @@ function stream_callbacks.streamopened(context, attr) context.notopen = nil; -- Signals that we accept this opening tag local to_host = nameprep(attr.to); - local wait = tonumber(attr.wait); if not to_host then log("debug", "BOSH client tried to connect to invalid host: %s", tostring(attr.to)); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", @@ -277,6 +276,8 @@ function stream_callbacks.streamopened(context, attr) response:send(tostring(close_reply)); return; end + + local wait = tonumber(attr.wait); if not rid or (not attr.wait or not wait or wait < 0 or wait % 1 ~= 0) then log("debug", "BOSH client sent invalid rid or wait attributes: rid=%s, wait=%s", tostring(attr.rid), tostring(attr.wait)); local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", -- cgit v1.2.3 From 62eee94e2bc04402be96786a7a83ade4a3728807 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 3 Oct 2020 15:03:09 +0200 Subject: mod_bosh: Ensure that stream is directed to a VirtualHost (fixes #425) --- plugins/mod_bosh.lua | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_bosh.lua b/plugins/mod_bosh.lua index 7f750613..52168670 100644 --- a/plugins/mod_bosh.lua +++ b/plugins/mod_bosh.lua @@ -277,6 +277,22 @@ function stream_callbacks.streamopened(context, attr) return; end + if not prosody.hosts[to_host] then + log("debug", "BOSH client tried to connect to non-existant host: %s", attr.to); + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" }); + response:send(tostring(close_reply)); + return; + end + + if prosody.hosts[to_host].type ~= "local" then + log("debug", "BOSH client tried to connect to %s host: %s", prosody.hosts[to_host].type, attr.to); + local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate", + ["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" }); + response:send(tostring(close_reply)); + return; + end + local wait = tonumber(attr.wait); if not rid or (not attr.wait or not wait or wait < 0 or wait % 1 ~= 0) then log("debug", "BOSH client sent invalid rid or wait attributes: rid=%s, wait=%s", tostring(attr.rid), tostring(attr.wait)); -- cgit v1.2.3