comparison mcabber/mcabber/utils.c @ 2283:6e1ead98930d
Check origin of roster pushes
MCabber is vulnerable to roster push attacks as described by Daniel Gultsch
at https://gultsch.de/gajim_roster_push_and_message_interception.html.
This patch should fix the problem by checking the sender of the iq:roster
stanzas.
Thanks to Sam Whited for the report.
author | Mikael Berthe <mikael@lilotux.net> |
---|---|
date | Mon, 21 Nov 2016 20:35:28 +0100 |
parents | f5402d705f67 |
children | e00ae0763468 |
2275:3d6986784dae | 2283:6e1ead98930d |
---|---|
94 char *get_servername(const char *username, const char *servername) | 94 char *get_servername(const char *username, const char *servername) |
95 { | 95 { |
96 char *ptr; | 96 char *ptr; |
97 char *server; | 97 char *server; |
98 | 98 |
99 if (!username) { | |
100 return NULL; | |
101 } | |
99 if ((ptr = strchr(username, JID_DOMAIN_SEPARATOR)) != NULL) { | 102 if ((ptr = strchr(username, JID_DOMAIN_SEPARATOR)) != NULL) { |
100 server = g_strdup(ptr+1); | 103 server = g_strdup(ptr+1); |
101 return server; | 104 return server; |
102 } | 105 } |
103 | 106 |
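Review bot: the new `if (!username)` guard (new lines 99-101) makes NULL a possible return value of get_servername(), and nothing in the hunk documents that. The other visible return path hands back a g_strdup() copy, so a short comment above the function should state both that the result is caller-owned and that it is NULL when username is NULL. Since the commit message says the result feeds a sender check on iq:roster stanzas, callers should treat a NULL return as a mismatch rather than passing it to a string comparison. The guard also returns before the `servername` argument is looked at; if the rest of the function (not shown here) uses it as a fallback, please add a comment confirming that skipping it for a NULL username is intended.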