From 713e9a3acfefee76b0191323af462f88ff0a58d4 Mon Sep 17 00:00:00 2001 From: sachaaaaa Date: Fri, 23 Aug 2019 14:28:23 +1000 Subject: [PATCH] Fix pubkey validation --- libtextsecure/account_manager.js | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/libtextsecure/account_manager.js b/libtextsecure/account_manager.js index 11a6b6d6f..c0b46e26c 100644 --- a/libtextsecure/account_manager.js +++ b/libtextsecure/account_manager.js @@ -13,7 +13,8 @@ log, storage, Event, - ConversationController + ConversationController, + Whisper */ /* eslint-disable more/no-then */ @@ -555,22 +556,20 @@ this.dispatchEvent(new Event('registration')); }, async authoriseSecondaryDevice(secondaryDevicePubKey) { - if (secondaryDevicePubKey === textsecure.storage.user.getNumber()) { + const ourPubKey = textsecure.storage.user.getNumber(); + if (secondaryDevicePubKey === ourPubKey) { throw new Error( 'Cannot register primary device pubkey as secondary device' ); } - // Validate pubKey - const c = await ConversationController.getOrCreateAndWait( + // throws if invalid + this.validatePubKeyHex(secondaryDevicePubKey); + // we need a conversation for sending a message + await ConversationController.getOrCreateAndWait( secondaryDevicePubKey, 'private' ); - const validationError = c.validateNumber(); - if (validationError) { - throw new Error('Invalid secondary device pubkey provided'); - } - // Ensure there is a conversation existing const signature = await libloki.crypto.generateSignatureForPairing( secondaryDevicePubKey, textsecure.protobuf.PairingAuthorisationMessage.Type.PAIRING_REQUEST @@ -580,6 +579,16 @@ signature ); }, + validatePubKeyHex(pubKey) { + const c = new Whisper.Conversation({ + id: pubKey, + type: 'private', + }); + const validationError = c.validateNumber(); + if (validationError) { + throw new Error(validationError); + } + }, }); textsecure.AccountManager = AccountManager; })();