]> granicus.if.org Git - ejabberd/commitdiff
projects / ejabberd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a60fda7)
XEP-0198: Reject <resume/> with negative 'h' value
authorHolger Weiss <holger@zedat.fu-berlin.de>
Fri, 9 May 2014 16:01:31 +0000 (18:01 +0200)
committerHolger Weiss <holger@zedat.fu-berlin.de>
Fri, 9 May 2014 16:01:31 +0000 (18:01 +0200)
Make sure the 'h' attribute sent with a <resume/> request is
nonnegative, as mandated by XEP-0198.

We already have this check for <a/> elements.

src/ejabberd_c2s.erl patch | blob | history

diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index 5fb81d1f5fa1b479e0b72182b626f1c3e4c0d629..0897730a59e80fac45036bf66846ed9d3ce5ae36 100644 (file)
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -2707,7 +2707,7 @@ handle_resume(StateData, Attrs) ->
                    case {xml:get_attr(<<"previd">>, Attrs),
                          catch jlib:binary_to_integer(xml:get_attr_s(<<"h">>, Attrs))}
                        of
-                     {{value, PrevID}, H} when is_integer(H) ->
+                     {{value, PrevID}, H} when is_integer(H), H >= 0 ->
                          case inherit_session_state(StateData, PrevID) of
                            {ok, InheritedState} ->
                                {ok, InheritedState, H};
Unnamed repository; edit this file 'description' to name the repository.