When sending an IQ using Client::sendIq() the client will track the ID of the sent IQ to report the IQ response in via the QFuture.
Now, if another client knows which ID QXmpp uses for a request, it could send a response with the ID before the actually addressed client sends a response. Since QXmpp only checks the ID of the IQ, it would accept the response from the other entity.
QXmpp's IDs for IQs are usually just "qxmpp1", "qxmpp2", etc.
Example:
QXmpp sends an IQ of type 'get' to A with id "1".
B sends an IQ of type 'result' to QXmpp with id "1".
QXmpp processes the result from B (although the request was address to A)
A sends an IQ of type 'result' to QXmpp with id "1".
QXmpp ignores the IQ from A as it does not know the ID (TODO: should QXmpp close the stream in such a case?).
Solution:
Also cache the to address and check it when receiving IQ results.
When sending an IQ using
Client::sendIq()the client will track the ID of the sent IQ to report the IQ response in via the QFuture.Now, if another client knows which ID QXmpp uses for a request, it could send a response with the ID before the actually addressed client sends a response. Since QXmpp only checks the ID of the IQ, it would accept the response from the other entity.
QXmpp's IDs for IQs are usually just "qxmpp1", "qxmpp2", etc.
Example:
Solution: Also cache the to address and check it when receiving IQ results.