fix: checking invalid profileKey lengths on message receive and retrieve profile avatars

2025-08-11 21:07:42 +00:00 · 2022-01-23 00:24:34 +11:00
parent 8ea0690e3a
commit c70de069a4
3 changed files with 7 additions and 6 deletions
--- a/libsession/src/main/java/org/session/libsession/messaging/sending_receiving/ReceivedMessageHandler.kt
+++ b/libsession/src/main/java/org/session/libsession/messaging/sending_receiving/ReceivedMessageHandler.kt
@@ -185,9 +185,10 @@ fun MessageReceiver.handleVisibleMessage(message: VisibleMessage, proto: SignalS
        if (name.isNotEmpty()) {
            profileManager.setName(context, recipient, name)
        }
-        if (profile.profileKey?.isNotEmpty() == true && profile.profilePictureURL?.isNotEmpty() == true
-            && (recipient.profileKey == null || !MessageDigest.isEqual(recipient.profileKey, profile.profileKey))) {
-            profileManager.setProfileKey(context, recipient, profile.profileKey!!)
+        val newProfileKey = profile.profileKey
+        if (newProfileKey?.isNotEmpty() == true && (newProfileKey.size == 16 || newProfileKey.size == 32) && profile.profilePictureURL?.isNotEmpty() == true
+            && (recipient.profileKey == null || !MessageDigest.isEqual(recipient.profileKey, newProfileKey))) {
+            profileManager.setProfileKey(context, recipient, newProfileKey)
            profileManager.setUnidentifiedAccessMode(context, recipient, Recipient.UnidentifiedAccessMode.UNKNOWN)
            profileManager.setProfilePictureURL(context, recipient, profile.profilePictureURL!!)
        }