Mercurial > pidgin

changeset 5994:b4a3628b7af2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[gaim-migrate @ 6442] fix the jabber "security hole" committer: Tailor Script <tailor@pidgin.im>
author Nathan Walp <nwalp@pidgin.im>
date Wed, 02 Jul 2003 21:26:53 +0000
parents 7baf424d78ea
children 8559b7f2a8a6
files src/protocols/jabber/jabber.c
diffstat 1 files changed, 4 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/protocols/jabber/jabber.c	Wed Jul 02 15:24:12 2003 +0000
+++ b/src/protocols/jabber/jabber.c	Wed Jul 02 21:26:53 2003 +0000
@@ -2210,7 +2210,7 @@
 
 static void jabber_handlepacket(gjconn gjc, jpacket p)
 {
-	char *id;
+	char *id, *from, *to;
 	switch (p->type) {
 	case JPACKET_MESSAGE:
 		jabber_handlemessage(gjc, p);
@@ -2231,7 +2231,9 @@
 		if (jpacket_subtype(p) == JPACKET__SET) {
 			xmlnode querynode;
 			querynode = xmlnode_get_tag(p->x, "query");
-			if (NSCHECK(querynode, "jabber:iq:roster")) {
+			from = xmlnode_get_attrib(p->x, "from");
+			to = xmlnode_get_attrib(p->x, "to");
+			if (NSCHECK(querynode, "jabber:iq:roster") && !strcmp(from, to)) {
 				jabber_handlebuddy(gjc, xmlnode_get_firstchild(querynode));
 			} else if(NSCHECK(querynode, "jabber:iq:oob")) {
 				jabber_handleoob(gjc, p->x);