Smack

mirror of https://github.com/vanitasvitae/Smack.git synced 2024-11-14 00:02:05 +01:00

History

Lars Noschinski 9ac882241a Process only requested roster results (SMACK-538) Prior to this change, Smack processes each RosterPacket (which is not of type IQ.Type.RESULT) as a roster result. Any other client on the XMPP network can send such a packet (not only our server). This allows a malicious party to overwrite our Roster. This patch changes smack so that a RosterPacket is discarded if it is not a reply to a roster request.	2014-03-07 16:13:19 +01:00
..
org/jivesoftware/smack	Process only requested roster results (SMACK-538)	2014-03-07 16:13:19 +01:00

Lars Noschinski 9ac882241a Process only requested roster results (SMACK-538)

Prior to this change, Smack processes each RosterPacket (which is not of
type IQ.Type.RESULT) as a roster result.

Any other client on the XMPP network can send such a packet (not only
our server). This allows a malicious party to overwrite our Roster.

This patch changes smack so that a RosterPacket is discarded if it is
not a reply to a roster request.

2014-03-07 16:13:19 +01:00

org/jivesoftware/smack

Process only requested roster results (SMACK-538)

2014-03-07 16:13:19 +01:00