Diff

plugins/muc/mod_muc.lua @ 10366:5611c939743a

MUC: Strictly validate room JID on creation This should prevent any MUCs with invalid JID (according to current normalization routine)
author Kim Alvefur <zash@zash.se>
date Fri, 01 Nov 2019 22:08:38 +0100
parent 10353:7b602e13c3b6
child 10449:2e36a54906e4
line wrap: on
line diff
--- a/plugins/muc/mod_muc.lua	Fri Nov 01 18:31:12 2019 +0100
+++ b/plugins/muc/mod_muc.lua	Fri Nov 01 22:08:38 2019 +0100
@@ -93,6 +93,7 @@
 
 
 local jid_split = require "util.jid".split;
+local jid_prep = require "util.jid".prep;
 local jid_bare = require "util.jid".bare;
 local st = require "util.stanza";
 local cache = require "util.cache";
@@ -273,6 +274,9 @@
 end
 
 function create_room(room_jid, config)
+	if jid_bare(room_jid) ~= room_jid or not jid_prep(room_jid, true) then
+		return nil, "invalid-jid";
+	end
 	local exists = get_room_from_jid(room_jid);
 	if exists then
 		return nil, "room-exists";
@@ -460,6 +464,10 @@
 
 		if room == nil then
 			-- Watch presence to create rooms
+			if not jid_prep(room_jid, true) then
+				origin.send(st.error_reply(stanza, "modify", "jid-malformed"));
+				return true;
+			end
 			if stanza.attr.type == nil and stanza.name == "presence" and stanza:get_child("x", "http://jabber.org/protocol/muc") then
 				room = muclib.new_room(room_jid);
 				return room:handle_first_presence(origin, stanza);