Merge branch 'soru/fix-state-attack' into 'master'

Fix state attack

See merge request famedly/famedlysdk!343
Christian Pauly 2020-06-10 14:17:57 +00:00
commit a61efa0384
3 changed files with 54 additions and 4 deletions


@ -273,7 +273,7 @@ class Database extends _$Database {
final chatId = eventUpdate.roomID; final chatId = eventUpdate.roomID;
// Get the state_key for state events // Get the state_key for state events
var stateKey = ''; String stateKey;
if (eventContent['state_key'] is String) { if (eventContent['state_key'] is String) {
stateKey = eventContent['state_key']; stateKey = eventContent['state_key'];
} }
@ -331,7 +331,10 @@ class Database extends _$Database {
if (type == 'history') return; if (type == 'history') return;
if (type != 'account_data') { if (type != 'account_data' &&
((stateKey is String) ||
[EventTypes.Message, EventTypes.Sticker, EventTypes.Encrypted]
.contains(eventUpdate.eventType))) {
final now = DateTime.now(); final now = DateTime.now();
await storeRoomState( await storeRoomState(
clientId, clientId,
@ -347,7 +350,7 @@ class Database extends _$Database {
json.encode(eventContent['unsigned'] ?? ''), json.encode(eventContent['unsigned'] ?? ''),
json.encode(eventContent['content']), json.encode(eventContent['content']),
json.encode(eventContent['prev_content'] ?? ''), json.encode(eventContent['prev_content'] ?? ''),
stateKey, stateKey ?? '',
); );
} else if (type == 'account_data') { } else if (type == 'account_data') {
await storeRoomAccountData( await storeRoomAccountData(
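Review bot: The allowlist `[EventTypes.Message, EventTypes.Sticker, EventTypes.Encrypted]` that lets state_key-less events through to storeRoomState is the same literal that gates Room.setState, and the two must never drift: if one copy is later extended without the other, that event type is persisted as state by one path and rejected by the other, re-opening on that path the spoofing this commit closes. Hoist it into one shared constant (e.g. `static const nonStateTypesStoredAsState = [EventTypes.Message, EventTypes.Sticker, EventTypes.Encrypted];` next to EventTypes) and reference it from both places. Since `stateKey` is now declared `String` and only ever assigned from an `is String` check, `stateKey != null` says what the condition means more directly than `stateKey is String`. A comment above the `if` would keep a future reader from "simplifying" it back: `// Only events carrying a state_key are room state; storing anything else keyed by type would let a plain event pose as e.g. m.room.power_levels. Message/Sticker/Encrypted are kept as the room's latest event only.` The enclosing method starts before the first hunk and continues past this one.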


@ -115,7 +115,15 @@ class Room {
print('[LibOlm] Could not decrypt room state: ' + e.toString()); print('[LibOlm] Could not decrypt room state: ' + e.toString());
} }
} }
if ((getState(state.type)?.originServerTs?.millisecondsSinceEpoch ?? 0) > if (!(state.stateKey is String) &&
![EventTypes.Message, EventTypes.Sticker, EventTypes.Encrypted]
.contains(state.type)) {
return;
}
if ((getState(state.type, state.stateKey ?? '')
?.originServerTs
?.millisecondsSinceEpoch ??
0) >
(state.originServerTs?.millisecondsSinceEpoch ?? 1)) { (state.originServerTs?.millisecondsSinceEpoch ?? 1)) {
return; return;
} }
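Review bot: The new early `return` silently drops every event that has no `state_key` and is not a Message/Sticker/Encrypted event, without saying why, and since that guard is the actual fix it deserves a comment such as `// Anything without a state_key is not room state: storing it keyed by type would let an ordinary event pose as e.g. m.room.power_levels. Message/Sticker/Encrypted are kept only as the room's latest event.` Dart spells the negated type test `state.stateKey is! String`, which reads better than `!(state.stateKey is String)`. The exempted-types list is the same literal used in the Database store path; keep it as one shared constant so the in-memory gate and the persisted one cannot diverge. The decrypt block just above is partly outside the hunk, as is the start of the enclosing function; if the decrypted event's `type` (and possibly `state_key`) is taken from the Megolm plaintext, confirm a sender cannot supply a `state_key` there, or an encrypted payload could still pass this guard as state.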


@ -447,6 +447,45 @@ void main() {
await room.setHistoryVisibility(HistoryVisibility.joined); await room.setHistoryVisibility(HistoryVisibility.joined);
}); });
test('setState', () async {
// not set non-state-events
room.setState(Event.fromJson({
'content': {'history_visibility': 'shared'},
'event_id': '\$143273582443PhrSn:example.org',
'origin_server_ts': 1432735824653,
'room_id': '!jEsUZKDJdhlrceRyVU:example.org',
'sender': '@example:example.org',
'type': 'm.custom',
'unsigned': {'age': 1234}
}, room));
expect(room.getState('m.custom') != null, false);
// set state events
room.setState(Event.fromJson({
'content': {'history_visibility': 'shared'},
'event_id': '\$143273582443PhrSn:example.org',
'origin_server_ts': 1432735824653,
'room_id': '!jEsUZKDJdhlrceRyVU:example.org',
'sender': '@example:example.org',
'state_key': '',
'type': 'm.custom',
'unsigned': {'age': 1234}
}, room));
expect(room.getState('m.custom') != null, true);
// sets messages as state events
room.setState(Event.fromJson({
'content': {'history_visibility': 'shared'},
'event_id': '\$143273582443PhrSn:example.org',
'origin_server_ts': 1432735824653,
'room_id': '!jEsUZKDJdhlrceRyVU:example.org',
'sender': '@example:example.org',
'type': 'm.room.message',
'unsigned': {'age': 1234}
}, room));
expect(room.getState('m.room.message') != null, true);
});
test('logout', () async { test('logout', () async {
await matrix.logout(); await matrix.logout();
}); });
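Review bot: The new 'setState' test never exercises the case this commit is named for: a state event whose `state_key` is non-empty must not replace the `''`-keyed state of the same type, which is exactly what the `getState(state.type, state.stateKey ?? '')` lookup in Room.setState is meant to guarantee. The three cases only check presence via `expect(x != null, bool)`; `expect(room.getState('m.custom'), isNull)` / `isNotNull` reads better and reports the actual value on failure. All three events also share one `event_id`, which would mask any dedup-by-id behaviour setState may have (not visible here). Add a fourth case like the one below, which assumes `getState`'s second parameter defaults to `''` as the lookup in Room.setState suggests.
```dart
      // … unchanged: the three existing cases …
      // a non-empty state_key lands under its own key and must not shadow the '' state
      room.setState(Event.fromJson({
        'content': {'history_visibility': 'joined'},
        'event_id': '\$143273582444Xyz:example.org',
        'origin_server_ts': 1432735824654,
        'room_id': '!jEsUZKDJdhlrceRyVU:example.org',
        'sender': '@example:example.org',
        'state_key': '@example:example.org',
        'type': 'm.custom',
        'unsigned': {'age': 1234}
      }, room));
      expect(room.getState('m.custom')?.stateKey, '');
      expect(room.getState('m.custom', '@example:example.org'), isNotNull);
```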