fix: checking invalid profileKey lengths on message receive and retrieve profile avatars

This commit is contained in:
Harris 2022-01-23 00:24:34 +11:00
parent 8ea0690e3a
commit c70de069a4
3 changed files with 7 additions and 6 deletions

View File

@ -154,8 +154,8 @@ dependencies {
testImplementation 'org.robolectric:shadows-multidex:4.4'
}
def canonicalVersionCode = 242
def canonicalVersionName = "1.11.14"
def canonicalVersionCode = 246
def canonicalVersionName = "1.11.15"
def postFixSize = 10
def abiPostFix = ['armeabi-v7a' : 1,

View File

@ -79,7 +79,7 @@ public class RetrieveProfileAvatarJob extends BaseJob {
RecipientDatabase database = DatabaseComponent.get(context).recipientDatabase();
byte[] profileKey = recipient.resolve().getProfileKey();
if (profileKey == null) {
if (profileKey == null || (profileKey.length != 32 && profileKey.length != 16)) {
Log.w(TAG, "Recipient profile key is gone!");
return;
}

View File

@ -185,9 +185,10 @@ fun MessageReceiver.handleVisibleMessage(message: VisibleMessage, proto: SignalS
if (name.isNotEmpty()) {
profileManager.setName(context, recipient, name)
}
if (profile.profileKey?.isNotEmpty() == true && profile.profilePictureURL?.isNotEmpty() == true
&& (recipient.profileKey == null || !MessageDigest.isEqual(recipient.profileKey, profile.profileKey))) {
profileManager.setProfileKey(context, recipient, profile.profileKey!!)
val newProfileKey = profile.profileKey
if (newProfileKey?.isNotEmpty() == true && (newProfileKey.size == 16 || newProfileKey.size == 32) && profile.profilePictureURL?.isNotEmpty() == true
&& (recipient.profileKey == null || !MessageDigest.isEqual(recipient.profileKey, newProfileKey))) {
profileManager.setProfileKey(context, recipient, newProfileKey)
profileManager.setUnidentifiedAccessMode(context, recipient, Recipient.UnidentifiedAccessMode.UNKNOWN)
profileManager.setProfilePictureURL(context, recipient, profile.profilePictureURL!!)
}