mirrors/element-android
1
0
Fork 0
mirror of https://github.com/element-hq/element-android synced 2024-11-27 11:59:12 +03:00
Code Issues Projects Releases Packages Wiki Activity

Prevent injecting a forged encrypted message and using session_id/sender_key of another room.

Browse source
This commit is contained in:
ariskotsomitopoulos 2022-04-28 17:15:46 +03:00 committed by Valere
parent 28a3ae264c
commit d6358dcb16
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt
View file

@ -1354,6 +1354,9 @@ internal class DefaultCryptoService @Inject constructor(
senderKey = sessionInfoPair.second,
sharedHistory = true
)
}?.filter { inboundGroupSession ->
// Prevent injecting a forged encrypted message and using session_id/sender_key of another room.
inboundGroupSession.roomId == roomId
}?.forEach { inboundGroupSession ->
// Share the sharable session to userId with deviceId
val exportedKeys = inboundGroupSession.exportKeys(sharedHistory = true)