From 5f759a617c64a7dda06847e5c3f55cae408902b2 Mon Sep 17 00:00:00 2001
From: Jason Volk <jason@zemos.net>
Date: Mon, 4 Feb 2019 23:16:27 -0800
Subject: [PATCH] ircd::resource: Improve X-Matrix destination host check.

---
 ircd/resource.cc | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ircd/resource.cc b/ircd/resource.cc
index bdfb1a653..d18558c57 100644
--- a/ircd/resource.cc
+++ b/ircd/resource.cc
@@ -609,6 +609,13 @@ const try
 			"Required X-Matrix Authorization was not supplied"
 		};
 
+	if(!m::my_host(request.head.host))
+		throw m::error
+		{
+			http::UNAUTHORIZED, "M_NOT_MY_HOST",
+			"The X-Matrix Authorization destination host is not recognized here."
+		};
+
 	const m::request::x_matrix x_matrix
 	{
 		request.head.authorization
@@ -616,7 +623,7 @@ const try
 
 	const m::request object
 	{
-		x_matrix.origin, my_host(), name, request.head.uri, request.content
+		x_matrix.origin, request.head.host, name, request.head.uri, request.content
 	};
 
 	if(!object.verify(x_matrix.key, x_matrix.sig))