From 67d75d5adc5915b5fb83fc1578b35724dae6185b Mon Sep 17 00:00:00 2001
From: Melvin Keskin <melvo@olomono.de>
Date: Thu, 16 Mar 2023 21:57:47 +0100
Subject: Stream: IQ handling: Accept responses without 'from' attribute (#556)

See https://xmpp.org/rfcs/rfc6120.html#stanzas-attributes-from-c2s point 3
---
 src/base/QXmppStream.cpp | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

(limited to 'src/base/QXmppStream.cpp')

diff --git a/src/base/QXmppStream.cpp b/src/base/QXmppStream.cpp
index a4921a43..4e7c7276 100644
--- a/src/base/QXmppStream.cpp
+++ b/src/base/QXmppStream.cpp
@@ -481,10 +481,18 @@ bool QXmppStream::handleIqResponse(const QDomElement &stanza)
         return false;
     }
 
-    if (auto itr = d->runningIqs.find(stanza.attribute(QStringLiteral("id")));
+    const auto id = stanza.attribute(QStringLiteral("id"));
+    if (auto itr = d->runningIqs.find(id);
         itr != d->runningIqs.end()) {
-        if (stanza.attribute("from") != itr.value().jid) {
-            warning(QStringLiteral("Received IQ response to one of our requests from wrong sender. Ignoring."));
+        const auto expectedFrom = itr.value().jid;
+        // Check that the sender of the response matches the recipient of the request.
+        // Stanzas coming from the server on behalf of the user's account must have no "from"
+        // attribute or have it set to the user's bare JID.
+        // If 'from' is empty, the IQ has been sent by the server. In this case we don't need to
+        // do the check as we trust the server anyways.
+        if (const auto from = stanza.attribute("from"); !from.isEmpty() && from != expectedFrom) {
+            warning(QStringLiteral("Ignored received IQ response to request '%1' because of wrong sender '%2' instead of expected sender '%3'")
+                        .arg(id, from, expectedFrom));
             return false;
         }
 
-- 
cgit v1.2.3