make sure the persona reported by the browser matches

2019-11-07 18:35:34 +00:00
parent 5de8a51e47
commit 3b2e1cf98c
1 changed files with 4 additions and 1 deletions
--- a/core/src/main/groovy/com/muwire/core/connection/ConnectionAcceptor.groovy
+++ b/core/src/main/groovy/com/muwire/core/connection/ConnectionAcceptor.groovy
@@ -333,8 +333,11 @@ class ConnectionAcceptor {
                
            Persona browser = null
            Map<String,String> headers = DataUtil.readAllHeaders(dis);
-            if (headers.containsKey('Persona')) 
+            if (headers.containsKey('Persona')) { 
                browser = new Persona(new ByteArrayInputStream(Base64.decode(headers['Persona'])))
+                if (browser.destination != e.destination)
+                    throw new IOException("browser persona mismatch")
+            }

            OutputStream os = e.getOutputStream()
            if (!settings.browseFiles) {