WIP: security: validate <delay>'s from and <stanza-id>'s by attributes #97

Draft
jabber.developer2 wants to merge 1 commits from fix/delay-timestamp-validation into master

1 Commits

Author SHA1 Message Date
55c73ee21a security: validate <delay> 'from' per XEP-0203 §4
Some checks failed
CI Code / Check spelling (pull_request) Successful in 19s
CI Code / Check coding style (pull_request) Successful in 34s
CI Code / Code Coverage (pull_request) Failing after 9m56s
CI Code / Linux (arch) (pull_request) Failing after 13m41s
CI Code / Linux (debian) (pull_request) Failing after 15m0s
CI Code / Linux (ubuntu) (pull_request) Failing after 15m9s
Reject client-forged <delay> timestamps in the incoming message handlers. The displayed timestamp was taken from an unfiltered delay scan, so a remote peer could place a message anywhere in history by injecting <delay from='...' stamp='...'>.

- _handle_groupchat: oldest delay from room bare JID -> room domain -> our server domain, else now.
- _handle_muc_private_message / _handle_chat: delay from our server domain -> sender domain, else now.

Add stanza_get_oldest_delay_from(); stanza_get_oldest_delay() delegates with from=NULL. The MAM <forwarded> path stays unfiltered (trusted by construction). The original PR's XEP-0359 <stanza-id> 'by' edits are dropped: master already validates 'by'.
2026-06-19 10:53:11 +03:00