Verify that incoming sync messages are from one of our devices, don't send messages to ourselves

pull/601/head
Beaudan Brown 6 years ago
parent 4aaa9ba26d
commit 722c10dd70

@ -1018,7 +1018,9 @@ MessageReceiver.prototype.extend({
this.processDecrypted(envelope, msg).then(message => { this.processDecrypted(envelope, msg).then(message => {
const groupId = message.group && message.group.id; const groupId = message.group && message.group.id;
const isBlocked = this.isGroupBlocked(groupId); const isBlocked = this.isGroupBlocked(groupId);
const isMe = envelope.source === textsecure.storage.user.getNumber(); const isMe =
envelope.source === textsecure.storage.user.getNumber() ||
envelope.source === window.storage.get('primaryDevicePubKey');
const isLeavingGroup = Boolean( const isLeavingGroup = Boolean(
message.group && message.group &&
message.group.type === textsecure.protobuf.GroupContext.Type.QUIT message.group.type === textsecure.protobuf.GroupContext.Type.QUIT
@ -1451,13 +1453,23 @@ MessageReceiver.prototype.extend({
window.log.info('null message from', this.getEnvelopeId(envelope)); window.log.info('null message from', this.getEnvelopeId(envelope));
this.removeFromCache(envelope); this.removeFromCache(envelope);
}, },
handleSyncMessage(envelope, syncMessage) { async handleSyncMessage(envelope, syncMessage) {
if (envelope.source !== this.number) { const ourNumber = textsecure.storage.user.getNumber();
throw new Error('Received sync message from another number'); // NOTE: Maybe we should be caching this list?
} const ourAuthorisations = await libloki.storage.getPrimaryDeviceMapping(
// eslint-disable-next-line eqeqeq ourNumber
if (envelope.sourceDevice == this.deviceId) { );
throw new Error('Received sync message from our own device'); const validSyncSender =
ourAuthorisations &&
ourAuthorisations.some(
auth =>
auth.secondaryDevicePubKey === ourNumber ||
auth.primaryDevicePubKey === ourNumber
);
if (!validSyncSender) {
throw new Error(
"Received sync message from a device we aren't paired with"
);
} }
if (syncMessage.sent) { if (syncMessage.sent) {
const sentMessage = syncMessage.sent; const sentMessage = syncMessage.sent;
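Review bot: The `validSyncSender` predicate in `handleSyncMessage` never reads `envelope.source`; it only tests whether some authorisation returned for `ourNumber` names `ourNumber` as primary or secondary. Once any pairing exists, the check therefore appears to pass for a sync message from any sender, and the old `envelope.source !== this.number` guard is removed in the same change. Match the sender against the other side of each authorisation, e.g. `auth => (auth.primaryDevicePubKey === ourNumber && auth.secondaryDevicePubKey === envelope.source) || (auth.secondaryDevicePubKey === ourNumber && auth.primaryDevicePubKey === envelope.source)`, and reject when `envelope.source` is unset. Whether `getPrimaryDeviceMapping` returns only signature-verified authorisations is not visible in this hunk and should be confirmed. The function body continues past the hunk.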

@ -95,18 +95,18 @@ OutgoingMessage.prototype = {
this.numberCompleted(); this.numberCompleted();
}, },
reloadDevicesAndSend(number, recurse) { reloadDevicesAndSend(number, recurse) {
const ourNumber = textsecure.storage.user.getNumber();
return () => return () =>
libloki.storage libloki.storage
.getAllDevicePubKeysForPrimaryPubKey(number) .getAllDevicePubKeysForPrimaryPubKey(number)
// Don't send to ourselves
.then(devicesPubKeys =>
devicesPubKeys.filter(pubKey => pubKey !== ourNumber)
)
.then(devicesPubKeys => { .then(devicesPubKeys => {
if (devicesPubKeys.length === 0) { if (devicesPubKeys.length === 0) {
// eslint-disable-next-line no-param-reassign // eslint-disable-next-line no-param-reassign
devicesPubKeys = [number]; devicesPubKeys = [number];
// return this.registerError(
// number,
// 'Got empty device list when loading device keys',
// null
// );
} }
return this.doSendMessage(number, devicesPubKeys, recurse); return this.doSendMessage(number, devicesPubKeys, recurse);
}); });
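Review bot: In `reloadDevicesAndSend`, the empty-list fallback `devicesPubKeys = [number]` runs after the new self-filter, so when `number` is our own key and no other device is listed, the filter empties the list and the fallback puts our key straight back. That undoes "Don't send to ourselves" for the case it targets, and it treats "lookup returned nothing" the same as "everything was filtered out". Guard the fallback, e.g. `if (devicesPubKeys.length === 0 && number !== ourNumber)`, and handle the remaining empty list explicitly rather than passing it on. How `doSendMessage` behaves with an empty list is not visible here, and the returned closure continues past the hunk.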
