mod_c2s: Do not allow the stream 'to' to change across stream restarts (fixes #1147)0.9.14

author: Kim Alvefur <zash@zash.se> 2018-05-25 21:09:34 +0200
committer: Kim Alvefur <zash@zash.se> 2018-05-25 21:09:34 +0200
commit: 32b507c866f2dace8dcd712a1becb4892d8662f6 (patch)
tree: eb79ef1a95d4713f5ffddf68d2ea6361e2bb4d5a
parent: Added tag 0.9.13 for changeset 082d12728645 (diff)
download: prosody-0.9.14.tar.xz
prosody-0.9.14.zip
1 files changed, 9 insertions, 2 deletions
diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua
index fdb3b2116..2848f92f3 100644
--- a/plugins/mod_c2s.lua
+++ b/plugins/mod_c2s.lua
@@ -40,12 +40,19 @@ local default_stream_attr = { ["xmlns:stream"] = "http://etherx.jabber.org/strea
 
 function stream_callbacks.streamopened(session, attr)
 	local send = session.send;
-	session.host = nameprep(attr.to);
-	if not session.host then
+	local host = nameprep(attr.to);
+	if not host then
 		session:close{ condition = "improper-addressing",
 			text = "A valid 'to' attribute is required on stream headers" };
 		return;
 	end
+	if not session.host then
+		session.host = host;
+	elseif session.host ~= host then
+		session:close{ condition = "not-authorized",
+			text = "The 'to' attribute must remain the same across stream restarts" };
+		return;
+	end
 	session.version = tonumber(attr.version) or 0;
 	session.streamid = uuid_generate();
 	(session.log or session)("debug", "Client sent opening <stream:stream> to %s", session.host);
author	Kim Alvefur <zash@zash.se>	2018-05-25 21:09:34 +0200
committer	Kim Alvefur <zash@zash.se>	2018-05-25 21:09:34 +0200
commit	32b507c866f2dace8dcd712a1becb4892d8662f6 (patch)
tree	eb79ef1a95d4713f5ffddf68d2ea6361e2bb4d5a
parent	Added tag 0.9.13 for changeset 082d12728645 (diff)
download	prosody-0.9.14.tar.xz prosody-0.9.14.zip