author | Michael Vetter <jubalh@iodoru.org> | 2019-09-12 20:55:16 +0200 |
---|---|---|
committer | Michael Vetter <jubalh@iodoru.org> | 2019-09-12 20:55:16 +0200 |
commit | 6cf06dc51614b255282821185b6d62bab8719baa (patch) | |
tree | f6a0de79fe7db50f5baee5cf21808c36cb4ae706 | |
parent | 385df53282cdad02b8364a2738888dcbd1cd0ec6 (diff) | |
download | profani-tty-6cf06dc51614b255282821185b6d62bab8719baa.tar.gz |
Log alleged roster push to file
https://gultsch.de/dino_multiple.html mentions CVE-2019-16235, CVE-2019-16236 and CVE-2019-16237.

CVE-2019-16235: Is checking the from in carbon messages. We do that.

CVE-2019-16236: Is checking the from in roster pushes. We do that but didn't log it yet.

CVE-2019-16237: Is checking the from in MAM messages. We don't support them yet.
-rw-r--r-- | src/xmpp/roster.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/xmpp/roster.c b/src/xmpp/roster.c index 633f6700..adcd447c 100644 --- a/src/xmpp/roster.c +++ b/src/xmpp/roster.c @@ -213,6 +213,7 @@ roster_set_handler(xmpp_stanza_t *const stanza) Jid *my_jid = jid_create(connection_get_fulljid()); const char *from = xmpp_stanza_get_from(stanza); if (from && (strcmp(from, my_jid->barejid) != 0)) { + log_warning("Received alleged roster push from: %s", from); jid_destroy(my_jid); return; } |
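Review bot: the added `log_warning("Received alleged roster push from: %s", from);` in roster_set_handler() writes the stanza's `from` attribute to the log file verbatim, and that value is chosen by whoever sent the stanza. Nothing in this hunk bounds its length or escapes control characters, so unless log_warning() already does that, a spoofed push can put arbitrary text, including line breaks, into the log. It would be safer to log an escaped and length-limited copy of `from`. Each rejected stanza also produces one warning line with no throttling visible here, so a peer that repeats the spoofed push can grow the log at will; consider rate limiting the message or counting repeats. Finally, the message does not say that the push was dropped, although the branch goes straight to `jid_destroy(my_jid); return;`. Wording such as "Ignoring roster push with unexpected from" and including the expected `my_jid->barejid` would make the entry easier to act on during incident review.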