--- /tmp/jabberd-2.1.24.1/s2s/in.c 2008-04-27 02:57:31.000000000 -0700
+++ ./jabberd2/s2s/in.c 2009-05-26 14:27:07.000000000 -0700
@@ -156,6 +156,8 @@ static int _in_sx_callback(sx_t s, sx_ev
sx_error_t *sxe;
nad_t nad;
char ipport[INET6_ADDRSTRLEN + 17];
+ jid_t from;
+ int attr;
switch(e) {
case event_WANT_READ:
@@ -266,7 +268,9 @@ static int _in_sx_callback(sx_t s, sx_ev
in->last_packet = time(NULL);
/* dialback packets */
- if(NAD_NURI_L(nad, NAD_ENS(nad, 0)) == strlen(uri_DIALBACK) && strncmp(uri_DIALBACK, NAD_NURI(nad, NAD_ENS(nad, 0)), strlen(uri_DIALBACK)) == 0) {
+ if(NAD_NURI_L(nad, NAD_ENS(nad, 0)) == strlen(uri_DIALBACK) && strncmp(uri_DIALBACK, NAD_NURI(nad, NAD_ENS(nad, 0)), strlen(uri_DIALBACK)) == 0 &&
+ (in->s2s->require_tls == 0 || s->ssf > 0)) {
+
/* only result and verify mean anything */
if(NAD_ENAME_L(nad, 0) == 6) {
if(strncmp("result", NAD_ENAME(nad, 0), 6) == 0) {
@@ -313,6 +317,22 @@ static int _in_sx_callback(sx_t s, sx_ev
return 0;
}
+ /* perform check against whitelist */
+ attr = nad_find_attr(nad, 0, -1, "from", NULL);
+ if(attr < 0 || (from = jid_new(in->s2s->pc, NAD_AVAL(nad, attr), NAD_AVAL_L(nad, attr))) == NULL) {
+ log_debug(ZONE, "missing or invalid from on incoming packet, attr is %d", attr);
+ nad_free(nad);
+ return 0;
+ }
+
+ if (in->s2s->enable_whitelist > 0 && (s2s_domain_in_whitelist(in->s2s, from->domain) == 0)) {
+ log_write(in->s2s->log, LOG_NOTICE, "received a packet not from a whitelisted domain, dropping it");
+ jid_free(from);
+ nad_free(nad);
+ return 0;
+ }
+
+ jid_free(from);
_in_packet(in, nad);
return 0;