Fix check for valid sender when handling sync message

5 years ago · a03185248c
parent 0eaebcbcac
commit a03185248c
2 changed files with 7 additions and 5 deletions
--- a/libloki/storage.js
+++ b/libloki/storage.js
@ -131,7 +131,7 @@
    if (deviceMapping.isPrimary === '0') {
      const { primaryDevicePubKey } =
        authorisations.find(
-          authorisation => authorisation.secondaryDevicePubKey === pubKey
+          authorisation => authorisation && authorisation.secondaryDevicePubKey === pubKey
        ) || {};
      if (primaryDevicePubKey) {
        // do NOT call getprimaryDeviceMapping recursively
--- a/libtextsecure/message_receiver.js
+++ b/libtextsecure/message_receiver.js
@ -1469,18 +1469,20 @@ MessageReceiver.prototype.extend({
    this.removeFromCache(envelope);
  },
  async handleSyncMessage(envelope, syncMessage) {
+    // We should only accept sync messages from our devices
    const ourNumber = textsecure.storage.user.getNumber();
-    // NOTE: Maybe we should be caching this list?
-    const ourDevices = await libloki.storage.getAllDevicePubKeysForPrimaryPubKey(
+    const ourPrimaryNumber = window.storage.get('primaryDevicePubKey');
+    const ourOtherDevices = await libloki.storage.getAllDevicePubKeysForPrimaryPubKey(
      window.storage.get('primaryDevicePubKey')
    );
-    const validSyncSender =
-      ourDevices && ourDevices.some(devicePubKey => devicePubKey === ourNumber);
+    const ourDevices = new Set([ourNumber, ourPrimaryNumber, ...ourOtherDevices]);
+    const validSyncSender = ourDevices.has(envelope.source);
    if (!validSyncSender) {
      throw new Error(
        "Received sync message from a device we aren't paired with"
      );
    }
+
    if (syncMessage.sent) {
      const sentMessage = syncMessage.sent;
      const to = sentMessage.message.group