fix: checking invalid profileKey lengths on message receive and retrieve profile avatars

This commit is contained in:
Harris 2022-01-23 00:24:34 +11:00
parent 8ea0690e3a
commit c70de069a4
3 changed files with 7 additions and 6 deletions

View File

@ -154,8 +154,8 @@ dependencies {
testImplementation 'org.robolectric:shadows-multidex:4.4' testImplementation 'org.robolectric:shadows-multidex:4.4'
} }
def canonicalVersionCode = 242 def canonicalVersionCode = 246
def canonicalVersionName = "1.11.14" def canonicalVersionName = "1.11.15"
def postFixSize = 10 def postFixSize = 10
def abiPostFix = ['armeabi-v7a' : 1, def abiPostFix = ['armeabi-v7a' : 1,

View File

@ -79,7 +79,7 @@ public class RetrieveProfileAvatarJob extends BaseJob {
RecipientDatabase database = DatabaseComponent.get(context).recipientDatabase(); RecipientDatabase database = DatabaseComponent.get(context).recipientDatabase();
byte[] profileKey = recipient.resolve().getProfileKey(); byte[] profileKey = recipient.resolve().getProfileKey();
if (profileKey == null) { if (profileKey == null || (profileKey.length != 32 && profileKey.length != 16)) {
Log.w(TAG, "Recipient profile key is gone!"); Log.w(TAG, "Recipient profile key is gone!");
return; return;
} }

View File

@ -185,9 +185,10 @@ fun MessageReceiver.handleVisibleMessage(message: VisibleMessage, proto: SignalS
if (name.isNotEmpty()) { if (name.isNotEmpty()) {
profileManager.setName(context, recipient, name) profileManager.setName(context, recipient, name)
} }
if (profile.profileKey?.isNotEmpty() == true && profile.profilePictureURL?.isNotEmpty() == true val newProfileKey = profile.profileKey
&& (recipient.profileKey == null || !MessageDigest.isEqual(recipient.profileKey, profile.profileKey))) { if (newProfileKey?.isNotEmpty() == true && (newProfileKey.size == 16 || newProfileKey.size == 32) && profile.profilePictureURL?.isNotEmpty() == true
profileManager.setProfileKey(context, recipient, profile.profileKey!!) && (recipient.profileKey == null || !MessageDigest.isEqual(recipient.profileKey, newProfileKey))) {
profileManager.setProfileKey(context, recipient, newProfileKey)
profileManager.setUnidentifiedAccessMode(context, recipient, Recipient.UnidentifiedAccessMode.UNKNOWN) profileManager.setUnidentifiedAccessMode(context, recipient, Recipient.UnidentifiedAccessMode.UNKNOWN)
profileManager.setProfilePictureURL(context, recipient, profile.profilePictureURL!!) profileManager.setProfilePictureURL(context, recipient, profile.profilePictureURL!!)
} }