summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorlouiz’ <louiz@louiz.org>2017-04-04 21:38:53 +0200
committerlouiz’ <louiz@louiz.org>2017-04-04 21:38:53 +0200
commit0878a0342c5a2ae6abcfaecc2d9f0c9d3fd0dbad (patch)
tree65d2e38c8652ea6054a23457994aa46777a8c6e7
parente4cc69607c91db43cf154326aaba8afbe97a4c81 (diff)
downloadbiboumi-0878a0342c5a2ae6abcfaecc2d9f0c9d3fd0dbad.tar.gz
biboumi-0878a0342c5a2ae6abcfaecc2d9f0c9d3fd0dbad.tar.bz2
biboumi-0878a0342c5a2ae6abcfaecc2d9f0c9d3fd0dbad.tar.xz
biboumi-0878a0342c5a2ae6abcfaecc2d9f0c9d3fd0dbad.zip
Do not allow pings from resources that aren’t in the channel
fix #3252
-rw-r--r--src/bridge/bridge.cpp3
-rw-r--r--tests/end_to_end/__main__.py28
2 files changed, 30 insertions, 1 deletions
diff --git a/src/bridge/bridge.cpp b/src/bridge/bridge.cpp
index 2da1d96..4966b0d 100644
--- a/src/bridge/bridge.cpp
+++ b/src/bridge/bridge.cpp
@@ -744,9 +744,10 @@ void Bridge::send_irc_participant_ping_request(const Iid& iid, const std::string
const std::string& iq_id, const std::string& to_jid,
const std::string& from_jid)
{
+ Jid from(to_jid);
IrcClient* irc = this->get_irc_client(iid.get_server());
IrcChannel* chan = irc->get_channel(iid.get_local());
- if (!chan->joined)
+ if (!chan->joined || !this->is_resource_in_chan(iid.to_tuple(), from.resource))
{
this->xmpp.send_stanza_error("iq", to_jid, from_jid, iq_id, "cancel", "not-allowed",
"", true);
diff --git a/tests/end_to_end/__main__.py b/tests/end_to_end/__main__.py
index 09ef501..2f3a98b 100644
--- a/tests/end_to_end/__main__.py
+++ b/tests/end_to_end/__main__.py
@@ -1139,6 +1139,34 @@ if __name__ == '__main__':
partial(expect_stanza,
"/iq[@from='#foo%{irc_server_one}/{nick_one}'][@type='result'][@to='{jid_one}/{resource_one}'][@id='first_ping']"),
]),
+ Scenario("self_ping_not_in_muc",
+ [
+ handshake_sequence(),
+ partial(send_stanza,
+ "<presence from='{jid_one}/{resource_one}' to='#foo%{irc_server_one}/{nick_one}' />"),
+ connection_sequence("irc.localhost", '{jid_one}/{resource_one}'),
+ partial(expect_stanza,
+ "/message/body[text()='Mode #foo [+nt] by {irc_host_one}']"),
+ partial(expect_stanza,
+ ("/presence[@to='{jid_one}/{resource_one}'][@from='#foo%{irc_server_one}/{nick_one}']/muc_user:x/muc_user:item[@affiliation='admin'][@role='moderator']",
+ "/presence/muc_user:x/muc_user:status[@code='110']")
+ ),
+ partial(expect_stanza, "/message[@from='#foo%{irc_server_one}'][@type='groupchat']/subject[not(text())]"),
+
+ # Send a ping to ourself, in a muc where we’re not
+ partial(send_stanza,
+ "<iq type='get' from='{jid_one}/{resource_one}' id='first_ping' to='#nil%{irc_server_one}/{nick_one}'><ping xmlns='urn:xmpp:ping' /></iq>"),
+ # Immediately receive an error
+ partial(expect_stanza,
+ "/iq[@from='#nil%{irc_server_one}/{nick_one}'][@type='error'][@to='{jid_one}/{resource_one}'][@id='first_ping']/error/stanza:not-allowed"),
+
+ # Send a ping to ourself, in a muc where we are, but not this resource
+ partial(send_stanza,
+ "<iq type='get' from='{jid_one}/{resource_two}' id='first_ping' to='#foo%{irc_server_one}/{nick_one}'><ping xmlns='urn:xmpp:ping' /></iq>"),
+ # Immediately receive an error
+ partial(expect_stanza,
+ "/iq[@from='#foo%{irc_server_one}/{nick_one}'][@type='error'][@to='{jid_one}/{resource_two}'][@id='first_ping']/error/stanza:not-allowed"),
+ ]),
Scenario("self_ping_on_real_channel",
[
handshake_sequence(),