forbid cache poisoning via botched reset calls
This commit is contained in:
ansuz
5
rpc.js
5
rpc.js
@@ -578,8 +578,7 @@ var resetUserPins = function (Env, publicKey, channelList, cb) {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
var pins = session.channels = {};
|
var pins = {};
|
||||||
|
|
||||||
getMultipleFileSize(Env, channelList, function (e, sizes) {
|
getMultipleFileSize(Env, channelList, function (e, sizes) {
|
||||||
if (e) { return void cb(e); }
|
if (e) { return void cb(e); }
|
||||||
var pinSize = sumChannelSizes(sizes);
|
var pinSize = sumChannelSizes(sizes);
|
||||||
@@ -606,6 +605,8 @@ var resetUserPins = function (Env, publicKey, channelList, cb) {
|
|||||||
pins[channel] = true;
|
pins[channel] = true;
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// update in-memory cache IFF the reset was allowed.
|
||||||
|
session.channels = pins;
|
||||||
getHash(Env, publicKey, function (e, hash) {
|
getHash(Env, publicKey, function (e, hash) {
|
||||||
cb(e, hash);
|
cb(e, hash);
|
||||||
});
|
});
|
||||||
|
|||||||
Reference in New Issue
Block a user