Mercurial > ~mikael > mcabber > hg
comparison mcabber/mcabber/xmpp_iq.c @ 2283:6e1ead98930d
Check origin of roster pushes
MCabber is vulnerable to roster push attacks as described by Daniel Gultsch
at https://gultsch.de/gajim_roster_push_and_message_interception.html.
This patch should fix the problem by checking the sender of the iq:roster
stanzas.
Thanks to Sam Whited for the report.
author | Mikael Berthe <mikael@lilotux.net> |
---|---|
date | Mon, 21 Nov 2016 20:35:28 +0100 |
parents | f5402d705f67 |
children | 71ec41732035 |
comparison
equal
deleted
inserted
replaced
2275:3d6986784dae | 2283:6e1ead98930d |
---|---|
580 char *cleanalias; | 580 char *cleanalias; |
581 enum subscr esub; | 581 enum subscr esub; |
582 int need_refresh = FALSE; | 582 int need_refresh = FALSE; |
583 guint roster_type; | 583 guint roster_type; |
584 | 584 |
585 const gchar *from = lm_message_get_from(m); | |
586 | |
587 if (from) { | |
588 gchar *self_bjid = jidtodisp(lm_connection_get_jid(c)); | |
589 gchar *servername = get_servername(self_bjid, ""); | |
590 if ((!jid_equal(self_bjid, from)) && | |
591 (!servername || strcasecmp(from, servername))) { | |
592 scr_LogPrint(LPRINT_LOGNORM, "Received invalid roster IQ request"); | |
593 g_free(self_bjid); | |
594 return LM_HANDLER_RESULT_REMOVE_MESSAGE; | |
595 } | |
596 g_free(self_bjid); | |
597 } | |
598 | |
585 y = lm_message_node_find_child(lm_message_node_find_xmlns(m->node, NS_ROSTER), | 599 y = lm_message_node_find_child(lm_message_node_find_xmlns(m->node, NS_ROSTER), |
586 "item"); | 600 "item"); |
587 for ( ; y; y = y->next) { | 601 for ( ; y; y = y->next) { |
588 char *name_tmp = NULL; | 602 char *name_tmp = NULL; |
589 | 603 |