Check for source of XMPP stanzas

Up to now Pyrogenesis didn't check if lobby related XMPP stanzas were
sent by the lobby bots. This meant that every user could send forged
data, like the list of games, to be displayed by another user. This
change fixes that by checking such stanzas come from the expected lobby
bots.

Patch by: @Dunedan
Accepted by: @Stan
Differential Revision: https://code.wildfiregames.com/D5216
This was SVN commit r28197.

source/lobby/XmppClient.cpp

@@ -867,7 +867,13 @@ bool XmppClient::handleIq(const glooxwrapper::IQ& iq)
 		}
 		if (gq)
 		{
-			if (iq.from().full() == m_xpartamuppId && gq->m_Command == "register" && g_NetServer && !g_NetServer->GetUseSTUN())
+			if (iq.from().full() != m_xpartamuppId)
+			{
+				LOGWARNING("XmppClient: Received game list response from unexpected sender: %s", iq.from().full());
+				return true;
+			}
+
+			if (gq->m_Command == "register" && g_NetServer && !g_NetServer->GetUseSTUN())
 			{
 				if (gq->m_GameList.empty())
 				{
@@ -895,6 +901,12 @@ bool XmppClient::handleIq(const glooxwrapper::IQ& iq)
 		}
 		if (bq)
 		{
+			if (iq.from().full() != m_echelonId)
+			{
+				LOGWARNING("XmppClient: Received board list response from unexpected sender: %s", iq.from().full());
+				return true;
+			}
+
 			if (bq->m_Command == "boardlist")
 			{
 				for (const glooxwrapper::Tag* const& t : m_BoardList)
@@ -922,6 +934,12 @@ bool XmppClient::handleIq(const glooxwrapper::IQ& iq)
 		}
 		if (pq)
 		{
+			if (iq.from().full() != m_echelonId)
+			{
+				LOGWARNING("XmppClient: Received profile response from unexpected sender: %s", iq.from().full());
+				return true;
+			}
+
 			for (const glooxwrapper::Tag* const& t : m_Profile)
 				glooxwrapper::Tag::free(t);
 			m_Profile.clear();