mirror of
https://github.com/oxen-io/session-android.git
synced 2024-12-24 16:57:50 +00:00
fix: checking invalid profileKey lengths on message receive and retrieve profile avatars
This commit is contained in:
parent
8ea0690e3a
commit
c70de069a4
@ -154,8 +154,8 @@ dependencies {
|
||||
testImplementation 'org.robolectric:shadows-multidex:4.4'
|
||||
}
|
||||
|
||||
def canonicalVersionCode = 242
|
||||
def canonicalVersionName = "1.11.14"
|
||||
def canonicalVersionCode = 246
|
||||
def canonicalVersionName = "1.11.15"
|
||||
|
||||
def postFixSize = 10
|
||||
def abiPostFix = ['armeabi-v7a' : 1,
|
||||
|
@ -79,7 +79,7 @@ public class RetrieveProfileAvatarJob extends BaseJob {
|
||||
RecipientDatabase database = DatabaseComponent.get(context).recipientDatabase();
|
||||
byte[] profileKey = recipient.resolve().getProfileKey();
|
||||
|
||||
if (profileKey == null) {
|
||||
if (profileKey == null || (profileKey.length != 32 && profileKey.length != 16)) {
|
||||
Log.w(TAG, "Recipient profile key is gone!");
|
||||
return;
|
||||
}
|
||||
|
@ -185,9 +185,10 @@ fun MessageReceiver.handleVisibleMessage(message: VisibleMessage, proto: SignalS
|
||||
if (name.isNotEmpty()) {
|
||||
profileManager.setName(context, recipient, name)
|
||||
}
|
||||
if (profile.profileKey?.isNotEmpty() == true && profile.profilePictureURL?.isNotEmpty() == true
|
||||
&& (recipient.profileKey == null || !MessageDigest.isEqual(recipient.profileKey, profile.profileKey))) {
|
||||
profileManager.setProfileKey(context, recipient, profile.profileKey!!)
|
||||
val newProfileKey = profile.profileKey
|
||||
if (newProfileKey?.isNotEmpty() == true && (newProfileKey.size == 16 || newProfileKey.size == 32) && profile.profilePictureURL?.isNotEmpty() == true
|
||||
&& (recipient.profileKey == null || !MessageDigest.isEqual(recipient.profileKey, newProfileKey))) {
|
||||
profileManager.setProfileKey(context, recipient, newProfileKey)
|
||||
profileManager.setUnidentifiedAccessMode(context, recipient, Recipient.UnidentifiedAccessMode.UNKNOWN)
|
||||
profileManager.setProfilePictureURL(context, recipient, profile.profilePictureURL!!)
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user