Commit 26de8c4d authored by Marco Simonelli's avatar Marco Simonelli Committed by MarcoSi1214
Browse files

- getProofData now supports v3

- fixed potential vulnerability where messages over 2gb can cause an
    int overflow (I'm not 100% sure if QT checks for overflows)
- fixed regex for id checking
- increase window size to accomodate v3 id length
parent a656ef16
......@@ -33,8 +33,7 @@
#include "ContactIDValidator.h"
// 2-7, not 0-9, as base32 only contains A-Z 2-7
static QRegularExpression regex(QStringLiteral("(torsion|ricochet):([a-z2-7]{16})"));
static QRegularExpression regexV3(QStringLiteral("(torsion|ricochet):([a-z2-7]{56})"));
static QRegularExpression regex(QStringLiteral("(torsion|ricochet):(([a-z2-7]{56})|([a-z2-7]{16}))"));
ContactIDValidator::ContactIDValidator(QObject *parent)
: QRegularExpressionValidator(parent), m_uniqueIdentity(0)
......@@ -84,7 +83,7 @@ void ContactIDValidator::fixup(QString &text) const
bool ContactIDValidator::isValidID(const QString &text)
{
return (regex.match(text).hasMatch() || regexV3.match(text).hasMatch());
return regex.match(text).hasMatch();
}
QString ContactIDValidator::hostnameFromID(const QString &ID)
......
......@@ -201,6 +201,7 @@ void AuthHiddenServiceChannel::sendAuthMessage()
}
// get the public key
// TODO: check if V3 public key is empty, if it isn't then we are using v3
QByteArray publicKey = d->privateKey.encodedPublicKey(CryptoKey::DER);
if (publicKey.size() > 150) {
BUG() << "Unexpected size for encoded public key";
......@@ -254,13 +255,14 @@ void AuthHiddenServiceChannel::sendAuthMessage()
*/
QByteArray AuthHiddenServiceChannelPrivate::getProofData(const QString &client)
{
// TODO: add v3 compatibility
// TODO: change if condition to make v3 compatible. V2 has 16 chars ricochet: <ID>. V3 has 52.
// FIXME: Currently, clientHostname is empty string, client didn't get passed correctly from parameters.
QByteArray serverHostname = connection->serverHostname().toLatin1().mid(0, 16);
if(!client.endsWith(QLatin1String(".onion")));
return QByteArray();
QByteArray serverHostname = connection->serverHostname().replace(QLatin1String(".onion"), QLatin1String("")).toLatin1();
QByteArray clientHostname = client.toLatin1();
if (clientHostname.size() != 16 || serverHostname.size() != 16) {
if ((clientHostname.size() != 16 || serverHostname.size() != 16) ||
(clientHostname.size() != 56 || serverHostname.size() != 56)) {
BUG() << "AuthHiddenServiceChannel can't figure out the client and server hostnames";
return QByteArray();
}
......
......@@ -118,7 +118,7 @@ bool ChatChannel::sendChatMessageWithId(QString text, QDateTime time, MessageId
if (text.isEmpty()) {
BUG() << "Chat message is empty, and it should've been discarded";
return false;
} else if (text.size() > MessageMaxCharacters) {
} else if (text.size() > MessageMaxCharacters || text.size() < 0) {
BUG() << "Chat message is too long (" << text.size() << "characters), and it should've been limited already. Truncated.";
text.truncate(MessageMaxCharacters);
}
......@@ -152,7 +152,9 @@ void ChatChannel::handleChatMessage(const Data::Chat::ChatMessage &message)
} else if (text.isEmpty()) {
qWarning() << "Rejected empty chat message";
response->set_accepted(false);
} else if (text.size() > MessageMaxCharacters) {
} else if (text.size() > MessageMaxCharacters || text.size() < 0) { // QT sdk specifies that QString::size returns an int
// Check that the message isn't *ridiculously* huge and
// hasn't overflowed the return int
qWarning() << "Rejected oversize chat message of" << text.size() << "characters";
response->set_accepted(false);
} else {
......
......@@ -4,7 +4,7 @@ import QtQuick.Layouts 1.0
ApplicationWindow {
id: addContactWindow
width: 400
width: 620
height: 300
minimumWidth: width
maximumWidth: width
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment