Check for source of XMPP stanzas
Up to now Pyrogenesis didn't check whether lobby-related XMPP stanzas were sent by the lobby bots. This meant that any user could send forged data, such as the list of games, to be displayed by another user. This change fixes that by checking that such stanzas come from the expected lobby bots. Patch by: @Dunedan Accepted by: @Stan Differential Revision: https://code.wildfiregames.com/D5216 This was SVN commit r28197.
parent
d6bfa7dedc
commit
ef623af2f8
@ -867,7 +867,13 @@ bool XmppClient::handleIq(const glooxwrapper::IQ& iq)
|
||||
}
|
||||
if (gq)
|
||||
{
|
||||
if (iq.from().full() == m_xpartamuppId && gq->m_Command == "register" && g_NetServer && !g_NetServer->GetUseSTUN())
|
||||
if (iq.from().full() != m_xpartamuppId)
|
||||
{
|
||||
LOGWARNING("XmppClient: Received game list response from unexpected sender: %s", iq.from().full());
|
||||
return true;
|
||||
}
|
||||
|
||||
if (gq->m_Command == "register" && g_NetServer && !g_NetServer->GetUseSTUN())
|
||||
{
|
||||
if (gq->m_GameList.empty())
|
||||
{
|
||||
@ -895,6 +901,12 @@ bool XmppClient::handleIq(const glooxwrapper::IQ& iq)
|
||||
}
|
||||
if (bq)
|
||||
{
|
||||
if (iq.from().full() != m_echelonId)
|
||||
{
|
||||
LOGWARNING("XmppClient: Received board list response from unexpected sender: %s", iq.from().full());
|
||||
return true;
|
||||
}
|
||||
|
||||
if (bq->m_Command == "boardlist")
|
||||
{
|
||||
for (const glooxwrapper::Tag* const& t : m_BoardList)
|
||||
@ -922,6 +934,12 @@ bool XmppClient::handleIq(const glooxwrapper::IQ& iq)
|
||||
}
|
||||
if (pq)
|
||||
{
|
||||
if (iq.from().full() != m_echelonId)
|
||||
{
|
||||
LOGWARNING("XmppClient: Received profile response from unexpected sender: %s", iq.from().full());
|
||||
return true;
|
||||
}
|
||||
|
||||
for (const glooxwrapper::Tag* const& t : m_Profile)
|
||||
glooxwrapper::Tag::free(t);
|
||||
m_Profile.clear();
|
||||
|
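Review bot: Each of the three new rejection branches in handleIq (the `gq`, `bq` and `pq` blocks) emits a `LOGWARNING` containing `iq.from().full()` for every stanza from an unexpected sender, so the remote party controls both how often these lines are written and part of their text. Consider throttling the warning, for example by warning once per sender and logging repeats at a lower level, and confirm that the logger escapes the JID wherever the log is rendered. The check is repeated three times and differs only in the expected id and the label, so a private helper used as `if (!IsFromExpectedSender(iq, m_echelonId, "profile")) return true;` (helper name illustrative) would make it harder for a later extension branch to omit it. handleIq starts and ends outside these hunks, so whether its remaining branches need the same sender check cannot be judged from this page.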