Mercurial > ~mikael > mcabber > hg
comparison mcabber/mcabber/xmpp_iq.c @ 2283:6e1ead98930d
Check origin of roster pushes
MCabber is vulnerable to roster push attacks as described by Daniel Gultsch
at https://gultsch.de/gajim_roster_push_and_message_interception.html.
This patch should fix the problem by checking the sender of the iq:roster
stanzas.
Thanks to Sam Whited for the report.
| author | Mikael Berthe <mikael@lilotux.net> |
|---|---|
| date | Mon, 21 Nov 2016 20:35:28 +0100 |
| parents | f5402d705f67 |
| children | 71ec41732035 |
comparison
equal
deleted
inserted
replaced
| 2275:3d6986784dae | 2283:6e1ead98930d |
|---|---|
| 580 char *cleanalias; | 580 char *cleanalias; |
| 581 enum subscr esub; | 581 enum subscr esub; |
| 582 int need_refresh = FALSE; | 582 int need_refresh = FALSE; |
| 583 guint roster_type; | 583 guint roster_type; |
| 584 | 584 |
| 585 const gchar *from = lm_message_get_from(m); | |
| 586 | |
| 587 if (from) { | |
| 588 gchar *self_bjid = jidtodisp(lm_connection_get_jid(c)); | |
| 589 gchar *servername = get_servername(self_bjid, ""); | |
| 590 if ((!jid_equal(self_bjid, from)) && | |
| 591 (!servername || strcasecmp(from, servername))) { | |
| 592 scr_LogPrint(LPRINT_LOGNORM, "Received invalid roster IQ request"); | |
| 593 g_free(self_bjid); | |
| 594 return LM_HANDLER_RESULT_REMOVE_MESSAGE; | |
| 595 } | |
| 596 g_free(self_bjid); | |
| 597 } | |
| 598 | |
| 585 y = lm_message_node_find_child(lm_message_node_find_xmlns(m->node, NS_ROSTER), | 599 y = lm_message_node_find_child(lm_message_node_find_xmlns(m->node, NS_ROSTER), |
| 586 "item"); | 600 "item"); |
| 587 for ( ; y; y = y->next) { | 601 for ( ; y; y = y->next) { |
| 588 char *name_tmp = NULL; | 602 char *name_tmp = NULL; |
| 589 | 603 |