From 6cf06dc51614b255282821185b6d62bab8719baa Mon Sep 17 00:00:00 2001
From: Michael Vetter
Date: Thu, 12 Sep 2019 20:55:16 +0200
Subject: [PATCH] Log alleged roster push to file

https://gultsch.de/dino_multiple.html mentions CVE-2019-16235, CVE-2019-16236 and CVE-2019-16237.
CVE-2019-16235: Is checking the from in carbon messages. We do that.
CVE-2019-16236: Is checking the from in roster pushes. We do that but didn't log it yet.
CVE-2019-16237: Is checking the form in MAM messages. We don't support them yet.
---
 src/xmpp/roster.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/xmpp/roster.c b/src/xmpp/roster.c
index 633f6700..adcd447c 100644
--- a/src/xmpp/roster.c
+++ b/src/xmpp/roster.c
@@ -213,6 +213,7 @@ roster_set_handler(xmpp_stanza_t *const stanza)
 Jid *my_jid = jid_create(connection_get_fulljid());
 const char *from = xmpp_stanza_get_from(stanza);
 if (from && (strcmp(from, my_jid->barejid) != 0)) {
+ log_warning("Received alleged roster push from: %s", from);
 jid_destroy(my_jid);
 return;
 }
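Review bot: The added log_warning reports the sender but not that the push was discarded, and the check it sits in carries no comment explaining the rule it enforces; the `if (from && ...)` line above it is the RFC 6121 §2.1.6 requirement that a roster push is accepted only with no `from` (implicitly the user's own server) or a `from` equal to the account's bare JID, which is the CVE-2019-16236 check the commit message refers to. I would put that rule in a comment above the `if` and make the message state the outcome, e.g. `log_warning("Ignoring roster push from unexpected sender: %s", from);`, so a reader of the log knows the stanza was dropped rather than merely observed. The logged `from` is remote-supplied; the format string is a literal so this is safe as written, but anything consuming the log should treat that field as untrusted content. As an aside on the surrounding context, `my_jid` from `jid_create()` is dereferenced as `my_jid->barejid` without a NULL check; that is pre-existing rather than new code, and whether `jid_create()` can return NULL is not visible here. roster_set_handler starts before the hunk and its body continues after the closing brace.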