Diffstat (limited to 'src')
| -rw-r--r-- | src/client/QXmppCarbonManager.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/client/QXmppCarbonManager.cpp b/src/client/QXmppCarbonManager.cpp
index d403e6de..e936ddf2 100644
--- a/src/client/QXmppCarbonManager.cpp
+++ b/src/client/QXmppCarbonManager.cpp
@@ -93,6 +93,12 @@ bool QXmppCarbonManager::handleStanza(const QDomElement &element)
 if (carbon.isNull() || carbon.namespaceURI() != ns_carbons)
 return false; // Neither sent nor received -> no carbon message
+ // carbon copies must always come from our bare JID
+ if (element.attribute("from") != client()->configuration().jidBare()) {
+ info("Received carbon copy from possible attacker trying to use CVE-2017-5603.");
+ return false;
+ }
+
 QDomElement forwarded = carbon.firstChildElement("forwarded");
 if (forwarded.isNull())
 return false; |
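Review bot: The rejection message in the added `if` block does not record which sender was refused, so anyone reading the log cannot tell a spoofing attempt from a misbehaving server; read the attribute once with `const QString from = element.attribute("from");` and log `warning(QString("Ignoring carbon copy from unexpected sender '%1' (CVE-2017-5603)").arg(from));`. The comparison is an exact string match against `jidBare()`, which fails closed, but if the configured JID differs in case from what the server stamps, or the server leaves `from` off, legitimate carbons would be dropped with only this log line as evidence; a one-line comment stating that assumption would help. handleStanza starts and ends outside this hunk, so how the rest of the client treats the stanza after the `false` return is not visible here.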
