mirror/galene
1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-11-10 02:35:58 +01:00
Code Activity

Protect against chat message spoofing.

Browse source
This commit is contained in:
Juliusz Chroboczek 2020-11-30 15:22:00 +01:00
parent f9e0573654
commit 74b3683cf1
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
rtpconn/webclient.go
View file

@ -1069,6 +1069,13 @@ func handleClientMessage(c *webClient, m clientMessage) error {
log.Printf("ICE: %v", err)
}
case "chat", "usermessage":
if m.Id != c.id {
return group.UserError("wrong sender id")
}
if m.Username != "" && m.Username != c.username {
return group.UserError("wrong sender username")
}
tm := group.ToJSTime(time.Now())
if m.Type == "chat" {
if m.Dest == "" {