empathicqubit/Signal-Android
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Improve validations on envelope.

Browse source
This commit is contained in:
Greyson Parrelli 2024-09-11 14:45:02 -04:00 committed by GitHub
parent b681b4169f
commit ac10ff4cbe
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 12 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/src/main/java/org/thoughtcrime/securesms/messages/MessageDecryptor.kt
View file

@ -151,7 +151,7 @@ object MessageDecryptor {
Log.d(TAG, "${logPrefix(envelope, cipherResult)} Successfully decrypted the envelope in ${(endTimeNanos - startTimeNanos).nanoseconds.toDouble(DurationUnit.MILLISECONDS).roundedString(2)} ms (GUID ${envelope.serverGuid}). Delivery latency: ${serverDeliveredTimestamp - envelope.serverTimestamp!!} ms, Urgent: ${envelope.urgent}")
val validationResult: EnvelopeContentValidator.Result = EnvelopeContentValidator.validate(envelope, cipherResult.content)
val validationResult: EnvelopeContentValidator.Result = EnvelopeContentValidator.validate(envelope, cipherResult.content, SignalStore.account.aci!!)
if (validationResult is EnvelopeContentValidator.Result.Invalid) {
Log.w(TAG, "${logPrefix(envelope, cipherResult)} Invalid content! ${validationResult.reason}", validationResult.throwable)

14
libsignal-service/src/main/java/org/whispersystems/signalservice/api/messages/EnvelopeContentValidator.kt
View file

@ -8,6 +8,7 @@ import org.signal.libsignal.zkgroup.groups.GroupMasterKey
import org.signal.libsignal.zkgroup.receipts.ReceiptCredentialPresentation
import org.whispersystems.signalservice.api.push.ServiceId
import org.whispersystems.signalservice.api.push.ServiceId.ACI
import org.whispersystems.signalservice.api.push.ServiceId.PNI
import org.whispersystems.signalservice.internal.push.AttachmentPointer
import org.whispersystems.signalservice.internal.push.Content
import org.whispersystems.signalservice.internal.push.DataMessage
@ -28,7 +29,7 @@ import org.whispersystems.signalservice.internal.push.TypingMessage
*/
object EnvelopeContentValidator {
fun validate(envelope: Envelope, content: Content): Result {
fun validate(envelope: Envelope, content: Content, localAci: ACI): Result {
if (envelope.type == Envelope.Type.PLAINTEXT_CONTENT) {
val result: Result? = createPlaintextResultIfInvalid(content)
@ -54,7 +55,7 @@ object EnvelopeContentValidator {
return when {
envelope.story == true && !content.meetsStoryFlagCriteria() -> Result.Invalid("Envelope was flagged as a story, but it did not have any story-related content!")
content.dataMessage != null -> validateDataMessage(envelope, content.dataMessage)
content.syncMessage != null -> validateSyncMessage(envelope, content.syncMessage)
content.syncMessage != null -> validateSyncMessage(envelope, content.syncMessage, localAci)
content.callMessage != null -> Result.Valid
content.nullMessage != null -> Result.Valid
content.receiptMessage != null -> validateReceiptMessage(content.receiptMessage)
@ -145,7 +146,14 @@ object EnvelopeContentValidator {
return Result.Valid
}
private fun validateSyncMessage(envelope: Envelope, syncMessage: SyncMessage): Result {
private fun validateSyncMessage(envelope: Envelope, syncMessage: SyncMessage, localAci: ACI): Result {
// Source serviceId was already determined to be a valid serviceId in general
val sourceServiceId = ServiceId.parseOrThrow(envelope.sourceServiceId!!)
if (sourceServiceId != localAci) {
return Result.Invalid("[SyncMessage] Source was not our own account!")
}
if (syncMessage.sent != null) {
val validAddress = syncMessage.sent.destinationServiceId.isValidServiceId()
val hasDataGroup = syncMessage.sent.message?.groupV2 != null