From c70de069a449f6f82778df1bf0e1e29d8894b644 Mon Sep 17 00:00:00 2001 From: Harris Date: Sun, 23 Jan 2022 00:24:34 +1100 Subject: [PATCH] fix: checking invalid profileKey lengths on message receive and retrieve profile avatars --- app/build.gradle | 4 ++-- .../securesms/jobs/RetrieveProfileAvatarJob.java | 2 +- .../messaging/sending_receiving/ReceivedMessageHandler.kt | 7 ++++--- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/app/build.gradle b/app/build.gradle index c32fff90fb..ed28a98234 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -154,8 +154,8 @@ dependencies { testImplementation 'org.robolectric:shadows-multidex:4.4' } -def canonicalVersionCode = 242 -def canonicalVersionName = "1.11.14" +def canonicalVersionCode = 246 +def canonicalVersionName = "1.11.15" def postFixSize = 10 def abiPostFix = ['armeabi-v7a' : 1, diff --git a/app/src/main/java/org/thoughtcrime/securesms/jobs/RetrieveProfileAvatarJob.java b/app/src/main/java/org/thoughtcrime/securesms/jobs/RetrieveProfileAvatarJob.java index 60232a8e82..897b98e97f 100644 --- a/app/src/main/java/org/thoughtcrime/securesms/jobs/RetrieveProfileAvatarJob.java +++ b/app/src/main/java/org/thoughtcrime/securesms/jobs/RetrieveProfileAvatarJob.java @@ -79,7 +79,7 @@ public class RetrieveProfileAvatarJob extends BaseJob { RecipientDatabase database = DatabaseComponent.get(context).recipientDatabase(); byte[] profileKey = recipient.resolve().getProfileKey(); - if (profileKey == null) { + if (profileKey == null || (profileKey.length != 32 && profileKey.length != 16)) { Log.w(TAG, "Recipient profile key is gone!"); return; } diff --git a/libsession/src/main/java/org/session/libsession/messaging/sending_receiving/ReceivedMessageHandler.kt b/libsession/src/main/java/org/session/libsession/messaging/sending_receiving/ReceivedMessageHandler.kt index 4f94df7cef..eee70891b8 100644 --- a/libsession/src/main/java/org/session/libsession/messaging/sending_receiving/ReceivedMessageHandler.kt +++ b/libsession/src/main/java/org/session/libsession/messaging/sending_receiving/ReceivedMessageHandler.kt @@ -185,9 +185,10 @@ fun MessageReceiver.handleVisibleMessage(message: VisibleMessage, proto: SignalS if (name.isNotEmpty()) { profileManager.setName(context, recipient, name) } - if (profile.profileKey?.isNotEmpty() == true && profile.profilePictureURL?.isNotEmpty() == true - && (recipient.profileKey == null || !MessageDigest.isEqual(recipient.profileKey, profile.profileKey))) { - profileManager.setProfileKey(context, recipient, profile.profileKey!!) + val newProfileKey = profile.profileKey + if (newProfileKey?.isNotEmpty() == true && (newProfileKey.size == 16 || newProfileKey.size == 32) && profile.profilePictureURL?.isNotEmpty() == true + && (recipient.profileKey == null || !MessageDigest.isEqual(recipient.profileKey, newProfileKey))) { + profileManager.setProfileKey(context, recipient, newProfileKey) profileManager.setUnidentifiedAccessMode(context, recipient, Recipient.UnidentifiedAccessMode.UNKNOWN) profileManager.setProfilePictureURL(context, recipient, profile.profilePictureURL!!) }