diff options
author | defanor <defanor@uberspace.net> | 2020-04-06 12:23:48 +0300 |
---|---|---|
committer | defanor <defanor@uberspace.net> | 2020-04-06 12:23:48 +0300 |
commit | a94e340cc77152535383d53dbbaecd5076201a1c (patch) | |
tree | 60762e4b5a3f9fe4a74132291c50a1db1fe4f680 | |
parent | ca37ffced8de00c97c4f04899f35939ac2f3fe01 (diff) |
Check node in incoming disco requests
-rw-r--r-- | src/rexmpp.c | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/src/rexmpp.c b/src/rexmpp.c index 391364f..2e05cbb 100644 --- a/src/rexmpp.c +++ b/src/rexmpp.c @@ -1425,14 +1425,33 @@ void rexmpp_process_element (rexmpp_t *s) { xmlNodePtr query = xmlFirstElementChild(elem); if (rexmpp_xml_match(query, "http://jabber.org/protocol/disco#info", "query")) { char *node = xmlGetProp(query, "node"); - xmlNodePtr result = xmlNewNode(NULL, "query"); - xmlNewNs(result, "http://jabber.org/protocol/disco#info", NULL); + char *caps_hash = rexmpp_capabilities_hash(s, s->disco_info); + if (node == NULL || + (caps_hash != NULL && + s->disco_node != NULL && + strlen(node) == strlen(s->disco_node) + 1 + strlen(caps_hash) && + strncmp(node, s->disco_node, strlen(s->disco_node)) == 0 && + node[strlen(s->disco_node)] == '#' && + strcmp(node + strlen(s->disco_node) + 1, caps_hash) == 0)) { + xmlNodePtr result = xmlNewNode(NULL, "query"); + xmlNewNs(result, "http://jabber.org/protocol/disco#info", NULL); + if (node != NULL) { + xmlNewProp(result, "node", node); + } + xmlAddChild(result, xmlCopyNodeList(s->disco_info)); + rexmpp_iq_reply(s, elem, "result", result); + } else { + rexmpp_log(s, LOG_WARNING, + "Service discovery request for an unknown node: %s", node); + rexmpp_iq_reply(s, elem, "error", + rexmpp_xml_error("cancel", "item-not-found")); + } + if (caps_hash != NULL) { + free(caps_hash); + } if (node != NULL) { - xmlNewProp(result, "node", node); free(node); } - xmlAddChild(result, xmlCopyNodeList(s->disco_info)); - rexmpp_iq_reply(s, elem, "result", result); } else { /* An unknown request. */ rexmpp_iq_reply(s, elem, "error", |