prosody
64ddcbc9a328
core/stanza_router.lua
Software / code / prosody
Comparison
core/stanza_router.lua @ 10360:64ddcbc9a328
core.stanza_router: Do strict jidprep on c2s
Be conservative in what you let your clients send, be liberal in what
you let in via s2s.
Being strict on s2s leads to interop problems and poor experiences, ie
users being ejected from MUCs if something invalid enters. By starting
with tightening up input into the network, we may be able to gradually
approach a point where no invalid JIDs are allowed.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 09 Sep 2019 22:32:01 +0200 |
| parent | 10245:88efdfb0a126 |
| child | 10362:c05444119e9e |
comparison
equal
deleted
inserted
replaced
| 10359:4ef785f45aa2 | 10360:64ddcbc9a328 |
|---|---|
| 81 local to_bare, from_bare; | 81 local to_bare, from_bare; |
| 82 if to then | 82 if to then |
| 83 if full_sessions[to] or bare_sessions[to] or hosts[to] then | 83 if full_sessions[to] or bare_sessions[to] or hosts[to] then |
| 84 node, host = jid_split(to); -- TODO only the host is needed, optimize | 84 node, host = jid_split(to); -- TODO only the host is needed, optimize |
| 85 else | 85 else |
| 86 node, host, resource = jid_prepped_split(to); | 86 node, host, resource = jid_prepped_split(to, origin.type == "c2s"); |
| 87 if not host then | 87 if not host then |
| 88 log("warn", "Received stanza with invalid destination JID: %s", to); | 88 log("warn", "Received stanza with invalid destination JID: %s", to); |
| 89 if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then | 89 if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then |
| 90 origin.send(st.error_reply(stanza, "modify", "jid-malformed", "The destination address is invalid: "..to)); | 90 origin.send(st.error_reply(stanza, "modify", "jid-malformed", "The destination address is invalid: "..to)); |
| 91 end | 91 end |
