aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Gultsch <daniel.gultsch@rwth-aachen.de>2014-05-03 17:07:37 +0200
committerDaniel Gultsch <daniel.gultsch@rwth-aachen.de>2014-05-03 17:07:37 +0200
commit4822d4dce7c8110c76dece28ccc2b3dd98698b97 (patch)
tree010a3b096a50ef17a525ab5e4a0e2076ecb7f490
parentbe2f7e047a488d5ca7de04dfa5437c290882274e (diff)
allow roster pushes only from bare jid or null
-rw-r--r--src/eu/siacs/conversations/services/XmppConnectionService.java10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/eu/siacs/conversations/services/XmppConnectionService.java b/src/eu/siacs/conversations/services/XmppConnectionService.java
index 70d5fc03a..d554c5041 100644
--- a/src/eu/siacs/conversations/services/XmppConnectionService.java
+++ b/src/eu/siacs/conversations/services/XmppConnectionService.java
@@ -377,12 +377,14 @@ public class XmppConnectionService extends Service {
@Override
public void onIqPacketReceived(Account account, IqPacket packet) {
- if (packet.hasChild("query")) {
- Element query = packet.findChild("query");
- String xmlns = query.getAttribute("xmlns");
- if ((xmlns != null) && (xmlns.equals("jabber:iq:roster"))) {
+ if (packet.hasChild("query","jabber:iq:roster")) {
+ String from = packet.getFrom();
+ if ((from==null)||(from.equals(account.getJid()))) {
+ Element query = packet.findChild("query");
processRosterItems(account, query);
mergePhoneContactsWithRoster(null);
+ } else {
+ Log.d(LOGTAG,"unauthorized roster push from: "+from);
}
} else if (packet
.hasChild("open", "http://jabber.org/protocol/ibb")