--- /tmp/jabberd-2.2.13/s2s/in.c 2011-02-23 08:24:34.000000000 -0800
+++ ./jabberd2/s2s/in.c 2011-02-24 16:40:33.000000000 -0800
@@ -163,6 +163,8 @@ static int _in_sx_callback(sx_t s, sx_ev
sx_error_t *sxe;
nad_t nad;
char ipport[INET6_ADDRSTRLEN + 17];
+ jid_t from;
+ int attr;
switch(e) {
case event_WANT_READ:
@@ -273,7 +275,8 @@ static int _in_sx_callback(sx_t s, sx_ev
in->last_packet = time(NULL);
/* dialback packets */
- if(NAD_NURI_L(nad, NAD_ENS(nad, 0)) == strlen(uri_DIALBACK) && strncmp(uri_DIALBACK, NAD_NURI(nad, NAD_ENS(nad, 0)), strlen(uri_DIALBACK)) == 0) {
+ if(NAD_NURI_L(nad, NAD_ENS(nad, 0)) == strlen(uri_DIALBACK) && strncmp(uri_DIALBACK, NAD_NURI(nad, NAD_ENS(nad, 0)), strlen(uri_DIALBACK)) == 0 &&
+ (in->s2s->require_tls == 0 || s->ssf > 0)) {
/* only result and verify mean anything */
if(NAD_ENAME_L(nad, 0) == 6) {
if(strncmp("result", NAD_ENAME(nad, 0), 6) == 0) {
@@ -320,11 +323,31 @@ static int _in_sx_callback(sx_t s, sx_ev
return 0;
}
+ /* perform check against whitelist */
+ attr = nad_find_attr(nad, 0, -1, "from", NULL);
+ if(attr < 0 || (from = jid_new(NAD_AVAL(nad, attr), NAD_AVAL_L(nad, attr))) == NULL) {
+ log_debug(ZONE, "missing or invalid from on incoming packet, attr is %d", attr);
+ nad_free(nad);
+ return 0;
+ }
+
+ if (in->s2s->enable_whitelist > 0 && (s2s_domain_in_whitelist(in->s2s, from->domain) == 0)) {
+ log_write(in->s2s->log, LOG_NOTICE, "received a packet not from a whitelisted domain, dropping it");
+ jid_free(from);
+ nad_free(nad);
+ return 0;
+ }
+
+ jid_free(from);
+
_in_packet(in, nad);
return 0;
case event_CLOSED:
+ if (in->fd != NULL) {
mio_close(in->s2s->mio, in->fd);
+ in->fd = NULL;
+ }
return -1;
}