fix: checking invalid profileKey lengths on message receive and retrieve profile avatars

2 years ago · c70de069a4
parent 8ea0690e3a
commit c70de069a4
3 changed files with 7 additions and 6 deletions
--- a/app/build.gradle
+++ b/app/build.gradle
@ -154,8 +154,8 @@ dependencies {
    testImplementation 'org.robolectric:shadows-multidex:4.4'
 }

-def canonicalVersionCode = 242
-def canonicalVersionName = "1.11.14"
+def canonicalVersionCode = 246
+def canonicalVersionName = "1.11.15"

 def postFixSize = 10
 def abiPostFix = ['armeabi-v7a' : 1,
--- a/app/src/main/java/org/thoughtcrime/securesms/jobs/RetrieveProfileAvatarJob.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/jobs/RetrieveProfileAvatarJob.java
@ -79,7 +79,7 @@ public class RetrieveProfileAvatarJob extends BaseJob {
    RecipientDatabase database   = DatabaseComponent.get(context).recipientDatabase();
    byte[]            profileKey = recipient.resolve().getProfileKey();

-    if (profileKey == null) {
+    if (profileKey == null || (profileKey.length != 32 && profileKey.length != 16)) {
      Log.w(TAG, "Recipient profile key is gone!");
      return;
    }
--- a/libsession/src/main/java/org/session/libsession/messaging/sending_receiving/ReceivedMessageHandler.kt
+++ b/libsession/src/main/java/org/session/libsession/messaging/sending_receiving/ReceivedMessageHandler.kt
@ -185,9 +185,10 @@ fun MessageReceiver.handleVisibleMessage(message: VisibleMessage, proto: SignalS
        if (name.isNotEmpty()) {
            profileManager.setName(context, recipient, name)
        }
-        if (profile.profileKey?.isNotEmpty() == true && profile.profilePictureURL?.isNotEmpty() == true
-            && (recipient.profileKey == null || !MessageDigest.isEqual(recipient.profileKey, profile.profileKey))) {
-            profileManager.setProfileKey(context, recipient, profile.profileKey!!)
+        val newProfileKey = profile.profileKey
+        if (newProfileKey?.isNotEmpty() == true && (newProfileKey.size == 16 || newProfileKey.size == 32) && profile.profilePictureURL?.isNotEmpty() == true
+            && (recipient.profileKey == null || !MessageDigest.isEqual(recipient.profileKey, newProfileKey))) {
+            profileManager.setProfileKey(context, recipient, newProfileKey)
            profileManager.setUnidentifiedAccessMode(context, recipient, Recipient.UnidentifiedAccessMode.UNKNOWN)
            profileManager.setProfilePictureURL(context, recipient, profile.profilePictureURL!!)
        }