X-Git-Url: https://git.enpas.org/?a=blobdiff_plain;f=net%2Fxmppcomponent_listener.lua;h=5532186b1d4734f61f4418a6ea01d03572cba714;hb=eab8964877447ecc589e1aa81a3179db4bf79b11;hp=7b8ab95ad9aadaa0914d8e156176e950aa560a98;hpb=8808451f4e0ba15ded7fafacfdc026b823c7ad45;p=prosody.git

diff --git a/net/xmppcomponent_listener.lua b/net/xmppcomponent_listener.lua
index 7b8ab95a..5532186b 100644
--- a/net/xmppcomponent_listener.lua
+++ b/net/xmppcomponent_listener.lua
@@ -1,6 +1,6 @@
 -- Prosody IM
--- Copyright (C) 2008-2009 Matthew Wild
--- Copyright (C) 2008-2009 Waqas Hussain
+-- Copyright (C) 2008-2010 Matthew Wild
+-- Copyright (C) 2008-2010 Waqas Hussain
 -- 
 -- This project is MIT/X11 licensed. Please see the
 -- COPYING file in the source package for more information.
@@ -18,6 +18,7 @@ local connlisteners = require "net.connlisteners";
 local cm_register_component = require "core.componentmanager".register_component;
 local cm_deregister_component = require "core.componentmanager".deregister_component;
 local uuid_gen = require "util.uuid".generate;
+local jid_split = require "util.jid".split;
 local sha1 = require "util.hashes".sha1;
 local st = require "util.stanza";
 local init_xmlhandlers = require "core.xmlhandlers";
@@ -99,6 +100,31 @@ function stream_callbacks.handlestanza(session, stanza)
 	if not stanza.attr.xmlns and stanza.name == "handshake" then
 		stanza.attr.xmlns = xmlns_component;
 	end
+	if not stanza.attr.xmlns or stanza.attr.xmlns == "jabber:client" then
+		local from = stanza.attr.from;
+		if from then
+			if session.component_validate_from then
+				local _, domain = jid_split(stanza.attr.from);
+				if domain ~= session.host then
+					-- Return error
+					session.log("warn", "Component sent stanza with missing or invalid 'from' address");
+					session:close{
+						condition = "invalid-from";
+						text = "Component tried to send from address <"..tostring(from)
+							   .."> which is not in domain <"..tostring(session.host)..">";
+					};
+					return;
+				end
+			end
+		else
+			stanza.attr.from = session.host;
+		end
+		if not stanza.attr.to then
+			session.log("warn", "Rejecting stanza with no 'to' address");
+			session.send(st.error_reply(stanza, "modify", "bad-request", "Components MUST specify a 'to' address on stanzas"));
+			return;
+		end
+	end
 	return core_process_stanza(session, stanza);
 end
 
@@ -186,7 +212,12 @@ function component_listener.ondisconnect(conn, err)
 			hosts[session.host].connected = nil;
 		end
 		sessions[conn]  = nil;
-		for k in pairs(session) do session[k] = nil; end
+		for k in pairs(session) do
+			if k ~= "log" and k ~= "close" then
+				session[k] = nil;
+			end
+		end
+		session.destroyed = true;
 		session = nil;
 	end
 end