# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1278123805 -3600
# Node ID f4d2de6ac22ecb221c37d4fcb0381dd8ae965ab7
# Parent  4019ad5c61e242dfa1d3905bc60a03b937e13cc8
xmppcomponent_listener: Validate to/from on components, fixes #104 and #162

diff -r 4019ad5c61e2 -r f4d2de6ac22e net/xmppcomponent_listener.lua
--- a/net/xmppcomponent_listener.lua	Fri Jul 02 19:55:37 2010 +0100
+++ b/net/xmppcomponent_listener.lua	Sat Jul 03 03:23:25 2010 +0100
@@ -99,6 +99,27 @@
 	if not stanza.attr.xmlns and stanza.name == "handshake" then
 		stanza.attr.xmlns = xmlns_component;
 	end
+	local from = stanza.attr.from;
+	if from then
+		if session.component_validate_from then
+			local _, domain = jid_split(stanza.attr.from);
+			if domain ~= session.host then
+				-- Return error
+				session:close{
+					condition = "invalid-from";
+					text = "Component tried to send from address <"..tostring(from)
+					       .."> which is not in domain <"..tostring(session.host)..">";
+				};
+				return;
+			end
+		end
+	else
+			stanza.attr.from = session.host;
+	end
+	if not stanza.attr.to then
+		session.send(st.error_reply(stanza, "modify", "bad-request", "Components MUST specify a 'to' address on stanzas"));
+		return;
+	end
 	return core_process_stanza(session, stanza);
 end