XEP-0198: Gracefully handle wrong credentials

Produce a proper error message instead of crashing when the JID encoded
in the 'previd' value of a <resume/> request is different from the
authenticated JID.

diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index 1e07be859beafb0753d912df8aa746bcd00175d7..de80308fc77de0b6df2af4f950c1bd41ade67d8e 100644 (file)
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -2936,6 +2936,8 @@ inherit_session_state(#state{user = U, server = S} = StateData, ResumeID) ->
                      {error, <<"Cannot grab session state">>}
                end
          end;
+      {term, {_WrongU, _WrongS, _R, _Time}} ->
+         {error, <<"Previous JID doesn't match authenticated JID">>};
       error ->
          {error, <<"Invalid 'previd' value">>}
     end.