Merge branch 'soru/fix-state-attack' into 'master'

Fix state attack

See merge request famedly/famedlysdk!343
This commit is contained in:
Christian Pauly 2020-06-10 14:17:57 +00:00
commit a61efa0384
3 changed files with 54 additions and 4 deletions

View file

@ -273,7 +273,7 @@ class Database extends _$Database {
final chatId = eventUpdate.roomID;
// Get the state_key for state events
var stateKey = '';
String stateKey;
if (eventContent['state_key'] is String) {
stateKey = eventContent['state_key'];
}
@ -331,7 +331,10 @@ class Database extends _$Database {
if (type == 'history') return;
if (type != 'account_data') {
if (type != 'account_data' &&
((stateKey is String) ||
[EventTypes.Message, EventTypes.Sticker, EventTypes.Encrypted]
.contains(eventUpdate.eventType))) {
final now = DateTime.now();
await storeRoomState(
clientId,
@ -347,7 +350,7 @@ class Database extends _$Database {
json.encode(eventContent['unsigned'] ?? ''),
json.encode(eventContent['content']),
json.encode(eventContent['prev_content'] ?? ''),
stateKey,
stateKey ?? '',
);
} else if (type == 'account_data') {
await storeRoomAccountData(

View file

@ -115,7 +115,15 @@ class Room {
print('[LibOlm] Could not decrypt room state: ' + e.toString());
}
}
if ((getState(state.type)?.originServerTs?.millisecondsSinceEpoch ?? 0) >
if (!(state.stateKey is String) &&
![EventTypes.Message, EventTypes.Sticker, EventTypes.Encrypted]
.contains(state.type)) {
return;
}
if ((getState(state.type, state.stateKey ?? '')
?.originServerTs
?.millisecondsSinceEpoch ??
0) >
(state.originServerTs?.millisecondsSinceEpoch ?? 1)) {
return;
}

View file

@ -447,6 +447,45 @@ void main() {
await room.setHistoryVisibility(HistoryVisibility.joined);
});
test('setState', () async {
// not set non-state-events
room.setState(Event.fromJson({
'content': {'history_visibility': 'shared'},
'event_id': '\$143273582443PhrSn:example.org',
'origin_server_ts': 1432735824653,
'room_id': '!jEsUZKDJdhlrceRyVU:example.org',
'sender': '@example:example.org',
'type': 'm.custom',
'unsigned': {'age': 1234}
}, room));
expect(room.getState('m.custom') != null, false);
// set state events
room.setState(Event.fromJson({
'content': {'history_visibility': 'shared'},
'event_id': '\$143273582443PhrSn:example.org',
'origin_server_ts': 1432735824653,
'room_id': '!jEsUZKDJdhlrceRyVU:example.org',
'sender': '@example:example.org',
'state_key': '',
'type': 'm.custom',
'unsigned': {'age': 1234}
}, room));
expect(room.getState('m.custom') != null, true);
// sets messages as state events
room.setState(Event.fromJson({
'content': {'history_visibility': 'shared'},
'event_id': '\$143273582443PhrSn:example.org',
'origin_server_ts': 1432735824653,
'room_id': '!jEsUZKDJdhlrceRyVU:example.org',
'sender': '@example:example.org',
'type': 'm.room.message',
'unsigned': {'age': 1234}
}, room));
expect(room.getState('m.room.message') != null, true);
});
test('logout', () async {
await matrix.logout();
});