6 changes: 6 additions & 0 deletions grr/server/grr_response_server/frontend_lib.py
@@ -205,6 +205,12 @@ def ReceiveMessages(
flow_responses = []
for message in unprocessed_msgs:
try:
# Verify that the session_id belongs to the sender client
msg_client_id = rdf_flow_objects._ClientIDFromSessionID(message.session_id)
if msg_client_id != client_id:
logging.error("Client %s tried to spoof response for %s", client_id, msg_client_id)
continue

response = rdf_flow_objects.FlowResponseForLegacyResponse(message)
except ValueError as e:
logging.warning(
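Review bot: The ownership check on `message.session_id` sits inside the existing `try` whose only visible handler is `except ValueError`, so whether a malformed, client-supplied session id fails closed depends on what the private helper `rdf_flow_objects._ClientIDFromSessionID` raises; any other exception type would escape the loop and abort the rest of the batch, assuming nothing further out catches it. It would be worth confirming that the helper raises only `ValueError` and that it returns the same representation as `client_id` (a differing type or prefix would make `!=` reject every message), and exposing it under a public name rather than calling an underscore-prefixed function across modules. The `logging.error` call fires once per rejected message and includes a value derived from client input, so a single misbehaving client can fill the error log; counting rejections and logging once per call, e.g. `logging.error("Client %s: dropped %d responses with foreign session ids", client_id, dropped)`, keeps the signal usable for alerting. A test that sends a response carrying another client's session id and asserts it is not passed on would pin the behaviour. `ReceiveMessages` begins above the hunk and the `except` body continues below it.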