#1476 Reply on s2s using dialback multiplexing can be routed wrong
Reporter
Zash
Owner
Nobody
Created
Updated
Stars
★ (1)
Tags
Status-Accepted
Type-Defect
Priority-Medium
Zash
on
The session.send() function in mod_s2s uses the stream to/from for routing,
but in case dialback multiplexing has been used this might not match the hosts
in the to/from attrs on the stanza.
So session.send(st.reply(stanza)) can be routed with the wrong hosts, however
only hosts that has been authenticated via dialback can be used a source.
The session.send() function in mod_s2s uses the stream to/from for routing, but in case dialback multiplexing has been used this might not match the hosts in the to/from attrs on the stanza. So session.send(st.reply(stanza)) can be routed with the wrong hosts, however only hosts that has been authenticated via dialback can be used a source.
Reported by dwd long ago
Changes