| author | Linus Jahn <lnj@kaidan.im> | 2020-07-19 13:50:13 +0200 |
|---|---|---|
| committer | Linus Jahn <lnj@kaidan.im> | 2020-07-20 17:18:24 +0200 |
| commit | e73120d4ab5b1a93c6ad051ff6807af02cd8a039 (patch) | |
| tree | 2c4c49bf0ae6b2fc6b08bd18c1cee1202e1fb334 /src/client/QXmppCarbonManager.cpp | |
| parent | 86a1888e39765dd57762c4422e6ede0c4a408935 (diff) | |
| download | qxmpp-e73120d4ab5b1a93c6ad051ff6807af02cd8a039.tar.gz | |
QXmppCarbonManager: Fix vulnerability: Add sender check
The XEP requires that only carbon messages from the client's bare JID
are accepted. This prevents other entities from injecting messages into
the client.
Diffstat (limited to 'src/client/QXmppCarbonManager.cpp')
| -rw-r--r-- | src/client/QXmppCarbonManager.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/client/QXmppCarbonManager.cpp b/src/client/QXmppCarbonManager.cpp index d403e6de..e936ddf2 100644 --- a/src/client/QXmppCarbonManager.cpp +++ b/src/client/QXmppCarbonManager.cpp @@ -93,6 +93,12 @@ bool QXmppCarbonManager::handleStanza(const QDomElement &element) if (carbon.isNull() || carbon.namespaceURI() != ns_carbons) return false; // Neither sent nor received -> no carbon message + // carbon copies must always come from our bare JID + if (element.attribute("from") != client()->configuration().jidBare()) { + info("Received carbon copy from possible attacker trying to use CVE-2017-5603."); + return false; + } + QDomElement forwarded = carbon.firstChildElement("forwarded"); if (forwarded.isNull()) return false; |
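Review bot: the added sender check compares raw strings, `element.attribute("from") != client()->configuration().jidBare()`, so a carbon whose `from` differs from the configured bare JID only in case or normalization would be rejected and logged as an attack. Comparing normalized bare JIDs would keep the check failing closed without dropping legitimate copies. The rejection path also returns `false`, the same value the line above uses for "no carbon message", so the spoofed stanza is presumably still offered to whatever handles stanzas this manager declines. If the handleStanza contract allows it, returning `true` here would consume the stanza instead. The `info(...)` message would be more useful to someone investigating if it were logged at warning level and included the offending `from` value.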
