signalapp/Signal-iOS
signalapp/Signal-iOS
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases 4 Wiki Activity

Validate incoming edit message target timestamp

Browse Source
This commit is contained in:
Sasha Weiss 2024-05-20 14:14:14 -07:00 committed by GitHub
parent d8a48c67c6
commit fefbf7e5c3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
SignalServiceKit/Messages/Edit/EditMessageStore.swift
View File

@ -76,6 +76,11 @@ public class EditMessageStoreImpl: EditMessageStore {
authorAci: Aci?,
tx: DBReadTransaction
) -> EditMessageTarget? {
guard SDS.fitsInInt64(timestamp) else {
owsFailDebug("Received invalid timestamp!")
return nil
}
let transaction = SDSDB.shimOnlyBridge(tx)
let sql = """

12
SignalServiceKit/Messages/MessageReceiver.swift
View File

@ -1594,6 +1594,11 @@ public final class MessageReceiver: Dependencies {
transaction tx: SDSAnyWriteTransaction
) -> EditProcessingResult {
guard SDS.fitsInInt64(editMessage.targetSentTimestamp) else {
Logger.error("Edit message target was invalid timestamp!")
return .invalidEdit
}
guard let transcript = OWSIncomingSentMessageTranscript.from(
sentProto: sentMessage,
serverTimestamp: decryptedEnvelope.serverTimestamp,
@ -1648,13 +1653,18 @@ public final class MessageReceiver: Dependencies {
editMessage: SSKProtoEditMessage,
tx: SDSAnyWriteTransaction
) -> EditProcessingResult {
let decryptedEnvelope = request.decryptedEnvelope
guard SDS.fitsInInt64(editMessage.targetSentTimestamp) else {
Logger.error("Edit message target was invalid timestamp!")
return .invalidEdit
}
guard let dataMessage = editMessage.dataMessage else {
Logger.warn("Missing edit message data.")
return .invalidEdit
}
let decryptedEnvelope = request.decryptedEnvelope
guard let thread = preprocessDataMessage(dataMessage, envelope: decryptedEnvelope, tx: tx) else {
Logger.warn("Missing edit message thread.")
return .invalidEdit