| -rw-r--r-- | doc/CHANGES | 3 | ||||
| -rw-r--r-- | protocols/jabber/jabber.c | 6 | 
2 files changed, 7 insertions, 2 deletions
|
diff --git a/doc/CHANGES b/doc/CHANGES
index 1f7f69c4..9ccf77c0 100644
--- a/doc/CHANGES
+++ b/doc/CHANGES
@@ -18,6 +18,9 @@ Version 1.0:
 - Incoming typing notifications now also come in as CTCP TYPING messages, for
   better consistency. Don't forget to update your scripts!
 - AIM typing notifications are supported now.
+- Jabber module only accepts ports 5220-5229 now, to prevent people from
+  abusing it as a port scanner. We aren't aware of any Jabber server that
+  runs on other ports than those. If you are, please warn us.
 Finished ...
diff --git a/protocols/jabber/jabber.c b/protocols/jabber/jabber.c
index e7703b44..535607e6 100644
--- a/protocols/jabber/jabber.c
+++ b/protocols/jabber/jabber.c
@@ -54,6 +54,8 @@
 #define DEFAULT_GROUPCHAT "conference.jabber.org"
 #define DEFAULT_PORT 5222
 #define DEFAULT_PORT_SSL 5223
+#define JABBER_PORT_MIN 5220
+#define JABBER_PORT_MAX 5229
 #define JABBER_GROUP "Friends"
@@ -589,8 +591,8 @@ static void gjab_start(gjconn gjc)
 		port = DEFAULT_PORT;
 	else if (port == -1 && ssl)
 		port = DEFAULT_PORT_SSL;
-	else if (port != 5222 && port != 5223) {
-		serv_got_crap(GJ_GC(gjc), "Only port numbers 5222 and 5223 are allowed for Jabber connections.");
+	else if (port < JABBER_PORT_MIN || port > JABBER_PORT_MAX) {
+		serv_got_crap(GJ_GC(gjc), "For security reasons, the Jabber port number must be in the %d-%d range.", JABBER_PORT_MIN, JABBER_PORT_MAX);
 		STATE_EVT(JCONN_STATE_OFF)
 		return;
 	}
|
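Review bot: The check in gjab_start constrains only the port number, so the abuse that doc/CHANGES describes is narrowed rather than closed: as far as this hunk shows, the server name is not validated, and a user can still have the daemon attempt connections to ports 5220-5229 on any host it can reach, internal addresses included. I would say so next to the check, e.g. `/* Port allow-list only; the target host is not restricted here. */`, and consider limiting connection attempts per user or refusing private address ranges on public servers. The two new constants in the preceding hunk deserve a one-line comment as well, such as `/* Permitted Jabber port range; other ports are refused to prevent port-scan abuse. */`. gjab_start starts and ends outside the hunk, so how `port` is parsed and whether the failure message differs between refused and filtered ports cannot be judged from here.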
