aniani/profanity
1
1
Fork 0
mirror of https://github.com/profanity-im/profanity.git synced 2025-01-03 14:57:42 -05:00
Code

Log alleged roster push to file

Browse Source 
https://gultsch.de/dino_multiple.html mentions CVE-2019-16235, CVE-2019-16236 and CVE-2019-16237.

CVE-2019-16235: Is checking the from in carbon messages. We do that.
CVE-2019-16236: Is checking the from in roster pushes. We do that but
didn't log it yet.
CVE-2019-16237: Is checking the form in MAM messages. We don't support
them yet.
This commit is contained in:
Michael Vetter 2019-09-12 20:55:16 +02:00
parent 385df53282
commit 6cf06dc516
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/xmpp/roster.c
View File

@ -213,6 +213,7 @@ roster_set_handler(xmpp_stanza_t *const stanza)
Jid *my_jid = jid_create(connection_get_fulljid()); Jid *my_jid = jid_create(connection_get_fulljid());
const char *from = xmpp_stanza_get_from(stanza); const char *from = xmpp_stanza_get_from(stanza);
if (from && (strcmp(from, my_jid->barejid) != 0)) { if (from && (strcmp(from, my_jid->barejid) != 0)) {
log_warning("Received alleged roster push from: %s", from);
jid_destroy(my_jid); jid_destroy(my_jid);
return; return;
} }