# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1601730189 -7200
# Node ID 1aea75b63d0ac6193fb08b6591d0c6859eefbce2
# Parent  0f4260f99ea203037da25749ce5b354a2c7bb6db
mod_bosh: Ensure that stream is directed to a VirtualHost (fixes #425)

diff -r 0f4260f99ea2 -r 1aea75b63d0a plugins/mod_bosh.lua
--- a/plugins/mod_bosh.lua	Sat Oct 03 14:59:11 2020 +0200
+++ b/plugins/mod_bosh.lua	Sat Oct 03 15:03:09 2020 +0200
@@ -277,6 +277,22 @@
 			return;
 		end
 
+		if not prosody.hosts[to_host] then
+			log("debug", "BOSH client tried to connect to non-existant host: %s", attr.to);
+			local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
+				["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" });
+			response:send(tostring(close_reply));
+			return;
+		end
+
+		if prosody.hosts[to_host].type ~= "local" then
+			log("debug", "BOSH client tried to connect to %s host: %s", prosody.hosts[to_host].type, attr.to);
+			local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
+				["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" });
+			response:send(tostring(close_reply));
+			return;
+		end
+
 		local wait = tonumber(attr.wait);
 		if not rid or (not attr.wait or not wait or wait < 0 or wait % 1 ~= 0) then
 			log("debug", "BOSH client sent invalid rid or wait attributes: rid=%s, wait=%s", tostring(attr.rid), tostring(attr.wait));