mirror of
https://codeberg.org/Mercury-IM/Smack
synced 2024-11-14 03:32:06 +01:00
6c7296a37b
In the absence of checks on the from address, it is possible for other clients to fake an answer to an IQ request. This commit adds an IQReplyFilter, which drops all packets which are not a valid reply to an IQ request. In particular, it checks for packet id, from address and packet type. Most(?) places waiting for a reply to an IQ request are converted to use the IQReplyFilter. For a discussion of the issues, see the thread "Spoofing of iq ids and misbehaving servers" from 2014-01 on the jdev@jabber.org mailing list and following discussion in February and March.