From 3e1c9a0cfef7ff4f1909d5ef5487764f70a456ef Mon Sep 17 00:00:00 2001
From: Marvin W <git@larma.de>
Date: Thu, 23 Mar 2023 10:13:30 -0600
Subject: Check sender of bookmark:1 updates

---
 BACKPORT                                      |  2 ++
 xmpp-vala/src/module/xep/0402_bookmarks2.vala | 10 ++++++++++
 2 files changed, 12 insertions(+)

diff --git a/BACKPORT b/BACKPORT
index abbc05f5..44b0d216 100644
--- a/BACKPORT
+++ b/BACKPORT
@@ -341,3 +341,5 @@ source code. Maybe a similar commit can be provided independently.
 
 5568bbc6bf505c4f8ea93fc460dbeff6f4d36e15: Partially applied.
 Changes related to libadwaita are out of scope for this fork.
+
+ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec: Applied.
diff --git a/xmpp-vala/src/module/xep/0402_bookmarks2.vala b/xmpp-vala/src/module/xep/0402_bookmarks2.vala
index 406f37f4..d1e53e6e 100644
--- a/xmpp-vala/src/module/xep/0402_bookmarks2.vala
+++ b/xmpp-vala/src/module/xep/0402_bookmarks2.vala
@@ -68,6 +68,11 @@ public class Module : BookmarksProvider, XmppStreamModule {
     }
 
     private void on_pupsub_item(XmppStream stream, Jid jid, string id, StanzaNode? node) {
+        if (!jid.equals(stream.get_flag(Bind.Flag.IDENTITY).my_jid.bare_jid)) {
+            warning("Received alleged bookmarks:1 item from %s, ignoring", jid.to_string());
+            return;
+        }
+
         Conference conference = parse_item_node(node, id);
         Flag? flag = stream.get_flag(Flag.IDENTITY);
         if (flag != null) {
@@ -77,6 +82,11 @@ public class Module : BookmarksProvider, XmppStreamModule {
     }
 
     private void on_pupsub_retract(XmppStream stream, Jid jid, string id) {
+        if (!jid.equals(stream.get_flag(Bind.Flag.IDENTITY).my_jid.bare_jid)) {
+            warning("Received alleged bookmarks:1 retract from %s, ignoring", jid.to_string());
+            return;
+        }
+
         try {
             Jid jid_parsed = new Jid(id);
             Flag? flag = stream.get_flag(Flag.IDENTITY);
-- 
cgit v1.2.3