From 0878a0342c5a2ae6abcfaecc2d9f0c9d3fd0dbad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?louiz=E2=80=99?= <louiz@louiz.org>
Date: Tue, 4 Apr 2017 21:38:53 +0200
Subject: =?UTF-8?q?Do=20not=20allow=20pings=20from=20resources=20that=20ar?=
 =?UTF-8?q?en=E2=80=99t=20in=20the=20channel?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

fix #3252
---
 src/bridge/bridge.cpp        |  3 ++-
 tests/end_to_end/__main__.py | 28 ++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/src/bridge/bridge.cpp b/src/bridge/bridge.cpp
index 2da1d96..4966b0d 100644
--- a/src/bridge/bridge.cpp
+++ b/src/bridge/bridge.cpp
@@ -744,9 +744,10 @@ void Bridge::send_irc_participant_ping_request(const Iid& iid, const std::string
                                                const std::string& iq_id, const std::string& to_jid,
                                                const std::string& from_jid)
 {
+  Jid from(to_jid);
   IrcClient* irc = this->get_irc_client(iid.get_server());
   IrcChannel* chan = irc->get_channel(iid.get_local());
-  if (!chan->joined)
+  if (!chan->joined || !this->is_resource_in_chan(iid.to_tuple(), from.resource))
     {
       this->xmpp.send_stanza_error("iq", to_jid, from_jid, iq_id, "cancel", "not-allowed",
                                     "", true);
diff --git a/tests/end_to_end/__main__.py b/tests/end_to_end/__main__.py
index 09ef501..2f3a98b 100644
--- a/tests/end_to_end/__main__.py
+++ b/tests/end_to_end/__main__.py
@@ -1139,6 +1139,34 @@ if __name__ == '__main__':
                      partial(expect_stanza,
                              "/iq[@from='#foo%{irc_server_one}/{nick_one}'][@type='result'][@to='{jid_one}/{resource_one}'][@id='first_ping']"),
                  ]),
+                Scenario("self_ping_not_in_muc",
+                 [
+                     handshake_sequence(),
+                     partial(send_stanza,
+                             "<presence from='{jid_one}/{resource_one}' to='#foo%{irc_server_one}/{nick_one}' />"),
+                     connection_sequence("irc.localhost", '{jid_one}/{resource_one}'),
+                     partial(expect_stanza,
+                             "/message/body[text()='Mode #foo [+nt] by {irc_host_one}']"),
+                     partial(expect_stanza,
+                             ("/presence[@to='{jid_one}/{resource_one}'][@from='#foo%{irc_server_one}/{nick_one}']/muc_user:x/muc_user:item[@affiliation='admin'][@role='moderator']",
+                              "/presence/muc_user:x/muc_user:status[@code='110']")
+                             ),
+                     partial(expect_stanza, "/message[@from='#foo%{irc_server_one}'][@type='groupchat']/subject[not(text())]"),
+
+                     # Send a ping to ourself, in a muc where we’re not
+                     partial(send_stanza,
+                             "<iq type='get' from='{jid_one}/{resource_one}' id='first_ping' to='#nil%{irc_server_one}/{nick_one}'><ping xmlns='urn:xmpp:ping' /></iq>"),
+                     # Immediately receive an error
+                     partial(expect_stanza,
+                             "/iq[@from='#nil%{irc_server_one}/{nick_one}'][@type='error'][@to='{jid_one}/{resource_one}'][@id='first_ping']/error/stanza:not-allowed"),
+
+                     # Send a ping to ourself, in a muc where we are, but not this resource
+                     partial(send_stanza,
+                             "<iq type='get' from='{jid_one}/{resource_two}' id='first_ping' to='#foo%{irc_server_one}/{nick_one}'><ping xmlns='urn:xmpp:ping' /></iq>"),
+                     # Immediately receive an error
+                     partial(expect_stanza,
+                             "/iq[@from='#foo%{irc_server_one}/{nick_one}'][@type='error'][@to='{jid_one}/{resource_two}'][@id='first_ping']/error/stanza:not-allowed"),
+                 ]),
                 Scenario("self_ping_on_real_channel",
                  [
                      handshake_sequence(),
-- 
cgit v1.2.3