web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Validate messages not coming from history-keeper

Browse Source
This commit is contained in:
yflory 2018-04-10 15:10:28 +02:00
parent 2381dd0e39
commit e37aab492b
4 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
www/common/outer/async-store.js
View File

@ -918,8 +918,12 @@ define([
channel.data = padData || {}; channel.data = padData || {};
postMessage("PAD_READY"); postMessage("PAD_READY");
}, // post EV_PAD_READY }, // post EV_PAD_READY
onMessage: function (m) { onMessage: function (user, m, validateKey) {
postMessage("PAD_MESSAGE", m); postMessage("PAD_MESSAGE", {
user: user,
msg: m,
validateKey: validateKey
});
}, // post EV_PAD_MESSAGE }, // post EV_PAD_MESSAGE
onJoin: function (m) { onJoin: function (m) {
postMessage("PAD_JOIN", m); postMessage("PAD_JOIN", m);

2
www/common/outer/chainpad-netflux-worker.js
View File

@ -130,7 +130,7 @@ define([], function () {
message = unBencode(message);//.slice(message.indexOf(':[') + 1); message = unBencode(message);//.slice(message.indexOf(':[') + 1);
// pass the message into Chainpad // pass the message into Chainpad
onMessage(message); onMessage(peer, message, validateKey);
//sframeChan.query('Q_RT_MESSAGE', message, function () { }); //sframeChan.query('Q_RT_MESSAGE', message, function () { });
}; };

13
www/common/sframe-chainpad-netflux-outer.js
View File

@ -39,9 +39,11 @@ define([], function () {
}); });
// shim between chainpad and netflux // shim between chainpad and netflux
var msgIn = function (msg) { var msgIn = function (peer, msg) {
try { try {
var decryptedMsg = Crypto.decrypt(msg, isNewHash); var isHk = peer.length !== 32;
var key = isNewHash ? validateKey : false;
var decryptedMsg = Crypto.decrypt(msg, key, isHk);
return decryptedMsg; return decryptedMsg;
} catch (err) { } catch (err) {
console.error(err); console.error(err);
@ -67,8 +69,11 @@ define([], function () {
padRpc.sendPadMsg(msg, cb); padRpc.sendPadMsg(msg, cb);
}); });
var onMessage = function(msg) { var onMessage = function(msgObj) {
var message = msgIn(msg); if (msgObj.validateKey && !validateKey) {
validateKey = msgObj.validateKey;
}
var message = msgIn(msgObj.user, msgObj.msg);
verbose(message); verbose(message);

4
www/common/sframe-common-outer.js
View File

@ -325,7 +325,9 @@ define([
validateKey: secret.keys.validateKey validateKey: secret.keys.validateKey
}, function (encryptedMsgs) { }, function (encryptedMsgs) {
cb(encryptedMsgs.map(function (msg) { cb(encryptedMsgs.map(function (msg) {
return crypto.decrypt(msg, true); // The 3rd parameter "true" means we're going to skip signature validation.
// We don't need it since the message is already validated serverside by hk
return crypto.decrypt(msg, true, true);
})); }));
}); });
}); });