prosody
4c36bc28b99e
plugins/mod_bosh.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Diff

plugins/mod_bosh.lua @ 10377:4c36bc28b99e

mod_bosh: Abort early if request is missing hostname Prevents traceback from passing nil to nameprep()
author Kim Alvefur <zash@zash.se>
date Sat, 02 Nov 2019 15:29:13 +0100
parent 10111:0f335815244f
child 10728:2764beb552cd
line wrap: on
line diff
--- a/plugins/mod_bosh.lua	Sat Nov 02 15:27:53 2019 +0100
+++ b/plugins/mod_bosh.lua	Sat Nov 02 15:29:13 2019 +0100
@@ -272,6 +272,15 @@
 		-- New session request
 		context.notopen = nil; -- Signals that we accept this opening tag
 
+		if not attr.to then
+			log("debug", "BOSH client tried to connect without specifying a host");
+			report_bad_host();
+			local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
+				["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" });
+			response:send(tostring(close_reply));
+			return;
+		end
+
 		local to_host = nameprep(attr.to);
 		local wait = tonumber(attr.wait);
 		if not to_host then