Use unordered_multimap for ingoingQueue

This will avoid the possibility for a malicious node to cause a memory
leak and smash items in incoming queue of others nodes

libretroshare/src/services/p3gxsmails.cpp

@@ -568,19 +568,20 @@ void p3GxsMails::processOutgoingRecord(OutgoingRecord& pr)
 	case GxsMailStatus::PENDING_RECEIPT_RECEIVE:
 	{
 		RS_STACK_MUTEX(ingoingMutex);
-		auto it = ingoingQueue.find(pr.mailItem.mailId);
-		if (it == ingoingQueue.end()) break;
-		RsGxsMailPresignedReceipt* rt =
-		        dynamic_cast<RsGxsMailPresignedReceipt*>(it->second);
-		if( !rt || !idService.isOwnId(rt->meta.mAuthorId) ) break;
-
-		ingoingQueue.erase(it); delete rt;
-		pr.status = GxsMailStatus::RECEIPT_RECEIVED;
-		// TODO: Malicious adversary could forge messages with same mailId and
-		//   could end up overriding the legit receipt in ingoingQueue, and
-		//   causing also a memleak(using unordered_multimap for ingoingQueue
-		//   may fix this?)
+		auto range = ingoingQueue.equal_range(pr.mailItem.mailId);
+		for( auto it = range.first; it != range.second; ++it)
+		{
+			RsGxsMailPresignedReceipt* rt =
+			        dynamic_cast<RsGxsMailPresignedReceipt*>(it->second);
+			if(rt && idService.isOwnId(rt->meta.mAuthorId))
+			{
+				ingoingQueue.erase(it); delete rt;
+				pr.status = GxsMailStatus::RECEIPT_RECEIVED;
+				break;
+			}
+		}
 		// TODO: Resend message if older then treshold
+		break;
 	}
 	case GxsMailStatus::RECEIPT_RECEIVED:
 		break;

libretroshare/src/services/p3gxsmails.h

@@ -18,6 +18,8 @@
  */
 
 #include <stdint.h>
+#include <unordered_map>
+#include <map>
 
 #include "retroshare/rsgxsifacetypes.h" // For RsGxsId, RsGxsCircleId
 #include "gxs/gxstokenqueue.h" // For GxsTokenQueue
@@ -184,7 +186,7 @@ private:
 	RsMutex outgoingMutex;
 	void processOutgoingRecord(OutgoingRecord& r);
 
-	typedef std::map<RsGxsMailId, RsGxsMailBaseItem*> inMap;
+	typedef std::unordered_multimap<RsGxsMailId, RsGxsMailBaseItem*> inMap;
 	inMap ingoingQueue;
 	RsMutex ingoingMutex;