Merge pull request #1189 from csoler/v0.6-SecurityFixes

V0.6 security fixes
This commit is contained in:
csoler 2018-02-24 18:05:26 +01:00 committed by GitHub
commit 062e00d960
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 24 additions and 17 deletions

View File

@ -933,7 +933,9 @@ void RsDataService::locked_clearGrpMetaCache(const RsGxsGroupId& gid)
if(it != mGrpMetaDataCache.end()) if(it != mGrpMetaDataCache.end())
{ {
#ifdef RS_DATA_SERVICE_DEBUG
std::cerr << "(II) moving database cache entry " << (void*)(*it).second << " to dead list." << std::endl; std::cerr << "(II) moving database cache entry " << (void*)(*it).second << " to dead list." << std::endl;
#endif
mOldCachedItems.push_back(std::make_pair(now,it->second)) ; mOldCachedItems.push_back(std::make_pair(now,it->second)) ;
@ -947,7 +949,9 @@ void RsDataService::locked_clearGrpMetaCache(const RsGxsGroupId& gid)
while(it2!=mOldCachedItems.end() && (*it2).first + CACHE_ENTRY_GRACE_PERIOD < now) while(it2!=mOldCachedItems.end() && (*it2).first + CACHE_ENTRY_GRACE_PERIOD < now)
{ {
#ifdef RS_DATA_SERVICE_DEBUG
std::cerr << "(II) deleting old GXS database cache entry " << (void*)(*it2).second << ", " << now - (*it2).first << " seconds old." << std::endl; std::cerr << "(II) deleting old GXS database cache entry " << (void*)(*it2).second << ", " << now - (*it2).first << " seconds old." << std::endl;
#endif
delete (*it2).second ; delete (*it2).second ;
it2 = mOldCachedItems.erase(it2) ; it2 = mOldCachedItems.erase(it2) ;

View File

@ -2886,7 +2886,9 @@ void RsGenExchange::processRecvdMessages()
if(!accept_new_msg || gpsi.mFirstTryTS + VALIDATE_MAX_WAITING_TIME < now) if(!accept_new_msg || gpsi.mFirstTryTS + VALIDATE_MAX_WAITING_TIME < now)
{ {
#ifdef GEN_EXCH_DEBUG
std::cerr << "Pending validation grp=" << gpsi.mId.first << ", msg=" << gpsi.mId.second << ", has exceeded validation time limit. The author's key can probably not be obtained. This is unexpected." << std::endl; std::cerr << "Pending validation grp=" << gpsi.mId.first << ", msg=" << gpsi.mId.second << ", has exceeded validation time limit. The author's key can probably not be obtained. This is unexpected." << std::endl;
#endif
delete gpsi.mItem; delete gpsi.mItem;
pend_it = mMsgPendingValidate.erase(pend_it); pend_it = mMsgPendingValidate.erase(pend_it);

View File

@ -2608,9 +2608,10 @@ void IdDialog::sendInvite()
RsGxsId id(ui->lineEdit_KeyId->text().toStdString()); RsGxsId id(ui->lineEdit_KeyId->text().toStdString());
if ((QMessageBox::question(this, tr("Send invite?"),tr("Do you really want send a invite with your Certificate?"),QMessageBox::Yes|QMessageBox::No, QMessageBox::Yes))== QMessageBox::Yes) //if ((QMessageBox::question(this, tr("Send invite?"),tr("Do you really want send a invite with your Certificate?"),QMessageBox::Yes|QMessageBox::No, QMessageBox::Yes))== QMessageBox::Yes)
{ {
MessageComposer::sendInvite(id); MessageComposer::sendInvite(id,false);
ui->inviteFrame->show(); ui->inviteFrame->show();
ui->inviteButton->setEnabled(false); ui->inviteButton->setEnabled(false);
} }

View File

@ -370,9 +370,9 @@ void MsgItem::sendInvite()
if (!rsMail->getMessage(mMsgId, mi)) if (!rsMail->getMessage(mMsgId, mi))
return; return;
if ((QMessageBox::question(this, tr("Send invite?"),tr("Do you really want send a invite with your Certificate?"),QMessageBox::Yes|QMessageBox::No, QMessageBox::Yes))== QMessageBox::Yes) //if ((QMessageBox::question(this, tr("Send invite?"),tr("Do you really want send a invite with your Certificate?"),QMessageBox::Yes|QMessageBox::No, QMessageBox::Yes))== QMessageBox::Yes)
{ //{
MessageComposer::sendInvite(mi.rsgxsid_srcId); MessageComposer::sendInvite(mi.rsgxsid_srcId,false);
} //}
} }

View File

@ -442,7 +442,7 @@
<item> <item>
<widget class="QLabel" name="infoLabel"> <widget class="QLabel" name="infoLabel">
<property name="text"> <property name="text">
<string notr="true">You get Invite, accept request and send your own Certificate back</string> <string notr="true">This message invites you to make friend! You may accept this request and send your own Certificate back</string>
</property> </property>
</widget> </widget>
</item> </item>

View File

@ -2775,12 +2775,12 @@ QString MessageComposer::inviteMessage()
return tr("Hi,<br>I want to be friends with you on RetroShare.<br>"); return tr("Hi,<br>I want to be friends with you on RetroShare.<br>");
} }
void MessageComposer::sendInvite(const RsGxsId &to, const QString &/*msg*/, bool autoSend) void MessageComposer::sendInvite(const RsGxsId &to, bool autoSend)
{ {
/* create a message */ /* create a message */
MessageComposer *composer = MessageComposer::newMsg(); MessageComposer *composer = MessageComposer::newMsg();
composer->setTitleText(tr("You have a friend invite")); composer->setTitleText(tr("Invite message"));
composer->msgFlags |= RS_MSG_USER_REQUEST; composer->msgFlags |= RS_MSG_USER_REQUEST;
@ -2803,8 +2803,8 @@ void MessageComposer::sendInvite(const RsGxsId &to, const QString &/*msg*/, bool
return; return;
} }
} }
else
//composer->show(); composer->show();
/* window will destroy itself! */ /* window will destroy itself! */
} }

View File

@ -64,7 +64,7 @@ public:
static QString recommendMessage(); static QString recommendMessage();
static void recommendFriend(const std::set <RsPeerId> &sslIds, const RsPeerId &to = RsPeerId(), const QString &msg = "", bool autoSend = false); static void recommendFriend(const std::set <RsPeerId> &sslIds, const RsPeerId &to = RsPeerId(), const QString &msg = "", bool autoSend = false);
static void sendConnectAttemptMsg(const RsPgpId &gpgId, const RsPeerId &sslId, const QString &sslName); static void sendConnectAttemptMsg(const RsPgpId &gpgId, const RsPeerId &sslId, const QString &sslName);
static void sendInvite(const RsGxsId &to = RsGxsId(), const QString &msg = "", bool autoSend = true); static void sendInvite(const RsGxsId &to, bool autoSend);
#ifdef UNUSED_CODE #ifdef UNUSED_CODE
static void sendChannelPublishKey(RsGxsChannelGroup &group); static void sendChannelPublishKey(RsGxsChannelGroup &group);
static void sendForumPublishKey(RsGxsForumGroup &group); static void sendForumPublishKey(RsGxsForumGroup &group);

View File

@ -789,9 +789,9 @@ void MessageWidget::sendInvite()
if (!rsMail->getMessage(currMsgId, mi)) if (!rsMail->getMessage(currMsgId, mi))
return; return;
if ((QMessageBox::question(this, tr("Send invite?"),tr("Do you really want send a invite with your Certificate?"),QMessageBox::Yes|QMessageBox::No, QMessageBox::Yes))== QMessageBox::Yes) //if ((QMessageBox::question(this, tr("Send invite?"),tr("Do you really want send a invite with your Certificate?"),QMessageBox::Yes|QMessageBox::No, QMessageBox::Yes))== QMessageBox::Yes)
{ //{
MessageComposer::sendInvite(mi.rsgxsid_srcId); MessageComposer::sendInvite(mi.rsgxsid_srcId,false);
} //}
} }

View File

@ -415,7 +415,7 @@
<item> <item>
<widget class="QLabel" name="infoLabel"> <widget class="QLabel" name="infoLabel">
<property name="text"> <property name="text">
<string notr="true">You get Invite, accept request and send your own Certificate back</string> <string notr="true">You got an invite to make friend! You may accept this request and send your own Certificate back</string>
</property> </property>
</widget> </widget>
</item> </item>