From e99129ec4238ac9a4271435f7c39e26654269daf Mon Sep 17 00:00:00 2001 From: Moxie Marlinspike Date: Wed, 20 May 2015 12:16:37 -0700 Subject: [PATCH] Only populate sync message context if sender == recipient. // FREEBIE --- .../textsecure/api/TextSecureMessageSender.java | 12 ++++++------ .../textsecure/api/crypto/TextSecureCipher.java | 15 +++++++++------ 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/java/src/main/java/org/whispersystems/textsecure/api/TextSecureMessageSender.java b/java/src/main/java/org/whispersystems/textsecure/api/TextSecureMessageSender.java index e1ec160dea..144cbc75a1 100644 --- a/java/src/main/java/org/whispersystems/textsecure/api/TextSecureMessageSender.java +++ b/java/src/main/java/org/whispersystems/textsecure/api/TextSecureMessageSender.java @@ -70,7 +70,7 @@ public class TextSecureMessageSender { private final PushServiceSocket socket; private final AxolotlStore store; - private final TextSecureAddress syncAddress; + private final TextSecureAddress localAddress; private final Optional eventListener; /** @@ -91,7 +91,7 @@ public class TextSecureMessageSender { { this.socket = new PushServiceSocket(url, trustStore, new StaticCredentialsProvider(user, password, null)); this.store = store; - this.syncAddress = new TextSecureAddress(user); + this.localAddress = new TextSecureAddress(user); this.eventListener = eventListener; } @@ -123,7 +123,7 @@ public class TextSecureMessageSender { if (response != null && response.getNeedsSync()) { byte[] syncMessage = createSyncMessageContent(content, Optional.of(recipient), timestamp); - sendMessage(syncAddress, timestamp, syncMessage); + sendMessage(localAddress, timestamp, syncMessage); } if (message.isEndSession()) { @@ -153,7 +153,7 @@ public class TextSecureMessageSender { try { if (response != null && response.getNeedsSync()) { byte[] syncMessage = createSyncMessageContent(content, Optional.absent(), timestamp); - sendMessage(syncAddress, timestamp, syncMessage); + sendMessage(localAddress, timestamp, syncMessage); } } catch (UntrustedIdentityException e) { throw new EncapsulatedExceptions(e); @@ -319,7 +319,7 @@ public class TextSecureMessageSender { { List messages = new LinkedList<>(); - if (!recipient.equals(syncAddress)) { + if (!recipient.equals(localAddress)) { messages.add(getEncryptedMessage(socket, recipient, TextSecureAddress.DEFAULT_DEVICE_ID, plaintext)); } @@ -334,7 +334,7 @@ public class TextSecureMessageSender { throws IOException, UntrustedIdentityException { AxolotlAddress axolotlAddress = new AxolotlAddress(recipient.getNumber(), deviceId); - TextSecureCipher cipher = new TextSecureCipher(store); + TextSecureCipher cipher = new TextSecureCipher(localAddress, store); if (!store.containsSession(axolotlAddress)) { try { diff --git a/java/src/main/java/org/whispersystems/textsecure/api/crypto/TextSecureCipher.java b/java/src/main/java/org/whispersystems/textsecure/api/crypto/TextSecureCipher.java index 3c0b6d261c..1e511f1227 100644 --- a/java/src/main/java/org/whispersystems/textsecure/api/crypto/TextSecureCipher.java +++ b/java/src/main/java/org/whispersystems/textsecure/api/crypto/TextSecureCipher.java @@ -38,8 +38,8 @@ import org.whispersystems.textsecure.api.messages.TextSecureEnvelope; import org.whispersystems.textsecure.api.messages.TextSecureGroup; import org.whispersystems.textsecure.api.messages.TextSecureMessage; import org.whispersystems.textsecure.api.messages.TextSecureSyncContext; +import org.whispersystems.textsecure.api.push.TextSecureAddress; import org.whispersystems.textsecure.internal.push.OutgoingPushMessage; -import org.whispersystems.textsecure.internal.push.PushMessageProtos; import org.whispersystems.textsecure.internal.push.PushTransportDetails; import org.whispersystems.textsecure.internal.util.Base64; @@ -57,10 +57,12 @@ import static org.whispersystems.textsecure.internal.push.PushMessageProtos.Push */ public class TextSecureCipher { - private final AxolotlStore axolotlStore; + private final AxolotlStore axolotlStore; + private final TextSecureAddress localAddress; - public TextSecureCipher(AxolotlStore axolotlStore) { + public TextSecureCipher(TextSecureAddress localAddress, AxolotlStore axolotlStore) { this.axolotlStore = axolotlStore; + this.localAddress = localAddress; } public OutgoingPushMessage encrypt(AxolotlAddress destination, byte[] unpaddedMessage) { @@ -127,7 +129,7 @@ public class TextSecureCipher { private TextSecureMessage createTextSecureMessage(TextSecureEnvelope envelope, PushMessageContent content) { TextSecureGroup groupInfo = createGroupInfo(envelope, content); - TextSecureSyncContext syncContext = createSyncContext(content); + TextSecureSyncContext syncContext = createSyncContext(envelope, content); List attachments = new LinkedList<>(); boolean endSession = ((content.getFlags() & PushMessageContent.Flags.END_SESSION_VALUE) != 0); boolean secure = envelope.isWhisperMessage() || envelope.isPreKeyWhisperMessage(); @@ -143,8 +145,9 @@ public class TextSecureCipher { content.getBody(), syncContext, secure, endSession); } - private TextSecureSyncContext createSyncContext(PushMessageContent content) { - if (!content.hasSync()) return null; + private TextSecureSyncContext createSyncContext(TextSecureEnvelope envelope, PushMessageContent content) { + if (!content.hasSync()) return null; + if (!envelope.getSource().equals(localAddress.getNumber())) return null; return new TextSecureSyncContext(content.getSync().getDestination(), content.getSync().getTimestamp());