fixed bug allowing a peer to alter the flags of lobby items so that they can get displayed in the broadcast channel. Now the checkMessageSecurity() method also checks flags consistency (et toc!)
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6621 b45a01b8-16f6-495d-af2f-9b41ad6348cc
parent
8549e10d1c
commit
34b8bbb236
@ -163,7 +163,7 @@ int p3ChatService::sendPublicChat(const std::wstring &msg)
|
|||||||
RsChatMsgItem *ci = new RsChatMsgItem();
|
RsChatMsgItem *ci = new RsChatMsgItem();
|
||||||
|
|
||||||
ci->PeerId(*it);
|
ci->PeerId(*it);
|
||||||
ci->chatFlags = 0;
|
ci->chatFlags = RS_CHAT_FLAG_PUBLIC;
|
||||||
ci->sendTime = time(NULL);
|
ci->sendTime = time(NULL);
|
||||||
ci->recvTime = ci->sendTime;
|
ci->recvTime = ci->sendTime;
|
||||||
ci->message = msg;
|
ci->message = msg;
|
||||||
@ -1102,6 +1102,29 @@ bool p3ChatService::checkForMessageSecurity(RsChatMsgItem *ci)
|
|||||||
// <span> <img src="data:image/png;base64,... />
|
// <span> <img src="data:image/png;base64,... />
|
||||||
// <a href="retroshare://…>…</a>
|
// <a href="retroshare://…>…</a>
|
||||||
|
|
||||||
|
// Also check flags. Lobby msgs should have proper flags, but they can be
|
||||||
|
// corrupted by a friend before sending them that can result in e.g. lobby
|
||||||
|
// messages ending up in the broadcast channel, etc.
|
||||||
|
|
||||||
|
uint32_t fl = ci->chatFlags & (RS_CHAT_FLAG_PRIVATE | RS_CHAT_FLAG_PUBLIC | RS_CHAT_FLAG_LOBBY) ;
|
||||||
|
|
||||||
|
std::cerr << "Checking msg flags: " << std::hex << fl << std::endl;
|
||||||
|
|
||||||
|
if(dynamic_cast<RsChatLobbyMsgItem*>(ci) != NULL)
|
||||||
|
{
|
||||||
|
if(fl != (RS_CHAT_FLAG_PRIVATE | RS_CHAT_FLAG_LOBBY))
|
||||||
|
std::cerr << "Warning: received chat lobby message with iconsistent flags " << std::hex << fl << std::dec << " from friend peer " << ci->PeerId() << std::endl;
|
||||||
|
|
||||||
|
ci->chatFlags &= ~RS_CHAT_FLAG_PUBLIC ;
|
||||||
|
}
|
||||||
|
else if(fl!=0 && !(fl == RS_CHAT_FLAG_PRIVATE || fl == RS_CHAT_FLAG_PUBLIC)) // The !=0 is normally not needed, but we keep it for
|
||||||
|
{ // a while, for backward compatibility. It's not harmful.
|
||||||
|
std::cerr << "Warning: received chat lobby message with iconsistent flags " << std::hex << fl << std::dec << " from friend peer " << ci->PeerId() << std::endl;
|
||||||
|
|
||||||
|
std::cerr << "This message will be dropped."<< std::endl;
|
||||||
|
return false ;
|
||||||
|
}
|
||||||
|
|
||||||
return true ;
|
return true ;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1162,7 +1185,8 @@ bool p3ChatService::handleRecvChatMsgItem(RsChatMsgItem *ci)
|
|||||||
if(!locked_checkAndRebuildPartialMessage_deprecated(ci)) // Don't delete ! This function is not handled propoerly for chat lobby msgs, so
|
if(!locked_checkAndRebuildPartialMessage_deprecated(ci)) // Don't delete ! This function is not handled propoerly for chat lobby msgs, so
|
||||||
return true ; // we don't use it in this case.
|
return true ; // we don't use it in this case.
|
||||||
|
|
||||||
checkForMessageSecurity(ci) ;
|
if(!checkForMessageSecurity(ci))
|
||||||
|
return false ;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CHAT_DEBUG
|
#ifdef CHAT_DEBUG
|
||||||
|
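Review bot: In the checkForMessageSecurity hunk, the lobby branch only logs when `fl` differs from `RS_CHAT_FLAG_PRIVATE | RS_CHAT_FLAG_LOBBY` and then clears `RS_CHAT_FLAG_PUBLIC`, so a lobby item that arrives with its private or lobby bit stripped is still accepted with those bits missing. The routing code is not visible here, but if it decides on the absence of the private bit (the old `ci->chatFlags = 0` in sendPublicChat suggests it may), such an item could still be shown in the broadcast channel. Either drop the item with `return false ;` as the non-lobby branch does, or force the expected bits with `ci->chatFlags = (ci->chatFlags & ~RS_CHAT_FLAG_PUBLIC) | RS_CHAT_FLAG_PRIVATE | RS_CHAT_FLAG_LOBBY ;`. Separately, the unconditional `"Checking msg flags: "` trace runs for every received item and leaves `std::cerr` in hex mode; placing it under `#ifdef CHAT_DEBUG` and ending it with `std::dec` would avoid both. The body of checkForMessageSecurity starts outside the hunk.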