From dd33f5f949248d87d34f399e8846d5ee5b8823d9 Mon Sep 17 00:00:00 2001
From: Marvin W <git@larma.de>
Date: Tue, 10 Sep 2019 21:58:12 +0200
Subject: Check roster push authorization

---
 xmpp-vala/src/module/roster/module.vala | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'xmpp-vala')

diff --git a/xmpp-vala/src/module/roster/module.vala b/xmpp-vala/src/module/roster/module.vala
index 7a69abe9..0fa7911c 100644
--- a/xmpp-vala/src/module/roster/module.vala
+++ b/xmpp-vala/src/module/roster/module.vala
@@ -47,6 +47,10 @@ public class Module : XmppStreamModule, Iq.Handler {
     public void on_iq_set(XmppStream stream, Iq.Stanza iq) {
         StanzaNode? query_node = iq.stanza.get_subnode("query", NS_URI);
         if (query_node == null) return;
+        if (!iq.from.equals(stream.get_flag(Bind.Flag.IDENTITY).my_jid.bare_jid)) {
+            warning("Received alledged roster push from %s, ignoring", iq.from.to_string());
+            return;
+        }
 
         Flag flag = stream.get_flag(Flag.IDENTITY);
         Item item = new Item.from_stanza_node(query_node.get_subnode("item", NS_URI));
-- 
cgit v1.2.3-54-g00ecf