Mercurial > pidgin.yaz
changeset 5994:b4a3628b7af2
[gaim-migrate @ 6442]
fix the jabber "security hole"
committer: Tailor Script <tailor@pidgin.im>
author | Nathan Walp <nwalp@pidgin.im> |
---|---|
date | Wed, 02 Jul 2003 21:26:53 +0000 |
parents | 7baf424d78ea |
children | 8559b7f2a8a6 |
files | src/protocols/jabber/jabber.c |
diffstat | 1 files changed, 4 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/protocols/jabber/jabber.c Wed Jul 02 15:24:12 2003 +0000 +++ b/src/protocols/jabber/jabber.c Wed Jul 02 21:26:53 2003 +0000 @@ -2210,7 +2210,7 @@ static void jabber_handlepacket(gjconn gjc, jpacket p) { - char *id; + char *id, *from, *to; switch (p->type) { case JPACKET_MESSAGE: jabber_handlemessage(gjc, p); @@ -2231,7 +2231,9 @@ if (jpacket_subtype(p) == JPACKET__SET) { xmlnode querynode; querynode = xmlnode_get_tag(p->x, "query"); - if (NSCHECK(querynode, "jabber:iq:roster")) { + from = xmlnode_get_attrib(p->x, "from"); + to = xmlnode_get_attrib(p->x, "to"); + if (NSCHECK(querynode, "jabber:iq:roster") && !strcmp(from, to)) { jabber_handlebuddy(gjc, xmlnode_get_firstchild(querynode)); } else if(NSCHECK(querynode, "jabber:iq:oob")) { jabber_handleoob(gjc, p->x);