Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_bosh: Ensure that stream is directed to a VirtualHost (fixes #425) 0.11
authorKim Alvefur <zash@zash.se>
Sat, 03 Oct 2020 15:03:09 +0200
branch0.11
changeset 11128 1aea75b63d0a
parent 11127 0f4260f99ea2
child 11129 5bcddab1659b
child 11132 c3eefb517b7b
mod_bosh: Ensure that stream is directed to a VirtualHost (fixes #425)
plugins/mod_bosh.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_bosh.lua	Sat Oct 03 14:59:11 2020 +0200
+++ b/plugins/mod_bosh.lua	Sat Oct 03 15:03:09 2020 +0200
@@ -277,6 +277,22 @@
 			return;
 		end
 
+		if not prosody.hosts[to_host] then
+			log("debug", "BOSH client tried to connect to non-existant host: %s", attr.to);
+			local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
+				["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" });
+			response:send(tostring(close_reply));
+			return;
+		end
+
+		if prosody.hosts[to_host].type ~= "local" then
+			log("debug", "BOSH client tried to connect to %s host: %s", prosody.hosts[to_host].type, attr.to);
+			local close_reply = st.stanza("body", { xmlns = xmlns_bosh, type = "terminate",
+				["xmlns:stream"] = xmlns_streams, condition = "improper-addressing" });
+			response:send(tostring(close_reply));
+			return;
+		end
+
 		local wait = tonumber(attr.wait);
 		if not rid or (not attr.wait or not wait or wait < 0 or wait % 1 ~= 0) then
 			log("debug", "BOSH client sent invalid rid or wait attributes: rid=%s, wait=%s", tostring(attr.rid), tostring(attr.wait));
prosody