Merge pull request #1141 from csoler/v0.6-SecurityFixes

V0.6 security fixes
csoler 2018-01-03 15:03:23 +01:00 committed by GitHub
commit 0a92710b0c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 57 additions and 8 deletions


@ -1403,13 +1403,33 @@ bool DistributedChatService::acceptLobbyInvite(const ChatLobbyId& lobby_id,const
return false;
}
std::map<ChatLobbyId,VisibleChatLobbyRecord>::const_iterator vid = _visible_lobbies.find(lobby_id) ;
if(_visible_lobbies.end() == vid)
{
std::cerr << " (EE) Cannot subscribe a non visible chat lobby!!" << std::endl;
return false ;
}
RsIdentityDetails det ;
if( (!rsIdentity->getIdDetails(identity,det)) || !(det.mFlags & RS_IDENTITY_FLAGS_IS_OWN_ID))
{
std::cerr << " (EE) Cannot subscribe with identity " << identity << " because it is not ours! Something's wrong here." << std::endl;
return false ;
}
if( (vid->second.lobby_flags & RS_CHAT_LOBBY_FLAGS_PGP_SIGNED ) && !(det.mFlags & RS_IDENTITY_FLAGS_PGP_LINKED))
{
std::cerr << " (EE) Cannot subscribe with identity " << identity << " because it is unsigned and the lobby requires signed ids only." << std::endl;
return false ;
}
if(_chat_lobbys.find(lobby_id) != _chat_lobbys.end())
{
std::cerr << " (II) Lobby already exists. Weird." << std::endl;
return true ;
}
#ifdef DEBUG_CHAT_LOBBIES
std::cerr << " Creating new Lobby entry." << std::endl;
#endif
@ -1491,11 +1511,12 @@ void DistributedChatService::denyLobbyInvite(const ChatLobbyId& lobby_id)
bool DistributedChatService::joinVisibleChatLobby(const ChatLobbyId& lobby_id,const RsGxsId& gxs_id)
{
if(!mGixs->isOwnId(gxs_id))
{
std::cerr << "(EE) Cannot lobby using gxs id " << gxs_id << std::endl;
return false ;
}
RsIdentityDetails det ;
if( (!rsIdentity->getIdDetails(gxs_id,det)) || !(det.mFlags & RS_IDENTITY_FLAGS_IS_OWN_ID))
{
std::cerr << " (EE) Cannot subscribe with identity " << gxs_id << " because it is not ours! Something's wrong here." << std::endl;
return false ;
}
#ifdef DEBUG_CHAT_LOBBIES
std::cerr << "Joining public chat lobby " << std::hex << lobby_id << std::dec << std::endl;
@ -1527,6 +1548,12 @@ bool DistributedChatService::joinVisibleChatLobby(const ChatLobbyId& lobby_id,co
return true ;
}
if( (it->second.lobby_flags & RS_CHAT_LOBBY_FLAGS_PGP_SIGNED ) && !(det.mFlags & RS_IDENTITY_FLAGS_PGP_LINKED))
{
std::cerr << " (EE) Cannot subscribe with identity " << gxs_id << " because it is unsigned and the lobby requires signed ids only." << std::endl;
return false ;
}
#ifdef DEBUG_CHAT_LOBBIES
std::cerr << " Creating new lobby entry." << std::endl;
#endif
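Review bot: The signed-ids-only check in acceptLobbyInvite reads the lobby flags from the `_visible_lobbies` record (`vid->second.lobby_flags`), while the invite dialog changed in this same commit decides from the invite's own `lobby_flags`, so the service and the GUI can disagree on whether a PGP-linked identity is required. The new early return on `_visible_lobbies.end() == vid` also makes accepting fail for every lobby that has no visible record; if invite-only lobbies are not advertised to this node, legitimate invites would be rejected. Consider taking the flags from the pending invite for `lobby_id` and treating the visible-lobby lookup as optional, with a comment such as `// policy comes from the invite; the lobby may not be advertised to us`. The function body starts and ends outside the hunk, so the invite lookup itself is not visible here.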


@ -1078,17 +1078,38 @@ void ChatLobbyWidget::readChatLobbyInvites()
RsGxsId default_id ;
rsMsgs->getDefaultIdentityForChatLobby(default_id) ;
std::list<ChatLobbyId> subscribed_lobbies ;
rsMsgs->getChatLobbyList(subscribed_lobbies) ;
for(std::list<ChatLobbyInvite>::const_iterator it(invites.begin());it!=invites.end();++it)
{
// first check if the lobby is already subscribed. If so, just ignore the request.
bool found = false ;
for(auto it2(subscribed_lobbies.begin());it2!=subscribed_lobbies.end() && !found;++it2)
found = found || (*it2 == (*it).lobby_id) ;
if(found)
continue ;
QMessageBox mb(QObject::tr("Join chat room"),
tr("%1 invites you to chat room named %2").arg(QString::fromUtf8(rsPeers->getPeerName((*it).peer_id).c_str())).arg(RsHtml::plainText(it->lobby_name)),
QMessageBox::Question, QMessageBox::Yes,QMessageBox::No, 0);
QLabel *label = new QLabel(tr("Choose an identity for this chat room:"));
QLabel *label ;
GxsIdChooser *idchooser = new GxsIdChooser ;
idchooser->loadIds(IDCHOOSER_ID_REQUIRED,default_id) ;
if( (*it).lobby_flags & RS_CHAT_LOBBY_FLAGS_PGP_SIGNED )
{
idchooser->loadIds(IDCHOOSER_ID_REQUIRED | IDCHOOSER_NON_ANONYMOUS,default_id) ;
label = new QLabel(tr("Choose a non anonymous identity for this chat room:"));
}
else
{
idchooser->loadIds(IDCHOOSER_ID_REQUIRED,default_id) ;
label = new QLabel(tr("Choose an identity for this chat room:"));
}
QGridLayout* layout = qobject_cast<QGridLayout*>(mb.layout());
if (layout) {
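Review bot: The inviting peer's name reaches the message box text as `QString::fromUtf8(rsPeers->getPeerName((*it).peer_id).c_str())` without the `RsHtml::plainText()` escaping that `it->lobby_name` gets in the same call. QMessageBox auto-detects rich text by default, so if that name can be chosen by the remote peer, markup in it would be rendered inside the invite prompt. I would escape it the same way, `.arg(RsHtml::plainText(rsPeers->getPeerName((*it).peer_id)))`, assuming the overload used for `lobby_name` accepts the same string type. The line looks unchanged by this commit, and readChatLobbyInvites continues past the end of the hunk.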


@ -227,6 +227,7 @@ void IdEditDialog::enforceNoAnonIds()
{
ui->radioButton_GpgId->setChecked(true);
ui->radioButton_GpgId->setEnabled(false);
ui->radioButton_Pseudo->setEnabled(false);
}
void IdEditDialog::loadExistingId(uint32_t token)