# HG changeset patch
# User Nathan Walp <nwalp@pidgin.im>
# Date 1057181213 0
# Node ID b4a3628b7af291ac073e1767fbaaff3f8e203bfb
# Parent  7baf424d78ead1362942d2cae253e45fa3160152
[gaim-migrate @ 6442]
fix the jabber "security hole"

committer: Tailor Script <tailor@pidgin.im>

diff -r 7baf424d78ea -r b4a3628b7af2 src/protocols/jabber/jabber.c
--- a/src/protocols/jabber/jabber.c	Wed Jul 02 15:24:12 2003 +0000
+++ b/src/protocols/jabber/jabber.c	Wed Jul 02 21:26:53 2003 +0000
@@ -2210,7 +2210,7 @@
 
 static void jabber_handlepacket(gjconn gjc, jpacket p)
 {
-	char *id;
+	char *id, *from, *to;
 	switch (p->type) {
 	case JPACKET_MESSAGE:
 		jabber_handlemessage(gjc, p);
@@ -2231,7 +2231,9 @@
 		if (jpacket_subtype(p) == JPACKET__SET) {
 			xmlnode querynode;
 			querynode = xmlnode_get_tag(p->x, "query");
-			if (NSCHECK(querynode, "jabber:iq:roster")) {
+			from = xmlnode_get_attrib(p->x, "from");
+			to = xmlnode_get_attrib(p->x, "to");
+			if (NSCHECK(querynode, "jabber:iq:roster") && !strcmp(from, to)) {
 				jabber_handlebuddy(gjc, xmlnode_get_firstchild(querynode));
 			} else if(NSCHECK(querynode, "jabber:iq:oob")) {
 				jabber_handleoob(gjc, p->x);