mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 21:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fized: Added check to ensure that resource binding is done after auth.

Browse source
This commit is contained in:
Waqas Hussain 2008-10-08 20:37:16 +05:00
parent e00ee96830
commit 2afc5cdef0
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
core/stanza_router.lua
View file

@ -16,6 +16,13 @@ local jid_split = jid.split;
function core_process_stanza(origin, stanza)
log("debug", "Received: "..tostring(stanza))
-- TODO verify validity of stanza (as well as JID validity)
if origin.type == "c2s" and not origin.full_jid
and not(stanza.name == "iq" and stanza.tags[1] and stanza.tags[1].name == "bind"
and stanza.tags[1].attr.xmlns == "urn:ietf:params:xml:ns:xmpp-bind") then
error("Client MUST bind resource after auth");
end
local to = stanza.attr.to;
stanza.attr.from = origin.full_jid -- quick fix to prevent impersonation