aboutsummaryrefslogtreecommitdiff
path: root/lib/connection.cpp
diff options
context:
space:
mode:
authorAlexey Rusakov <Kitsune-Ral@users.sf.net>2022-08-01 18:09:35 +0200
committerAlexey Rusakov <Kitsune-Ral@users.sf.net>2022-09-04 18:42:11 +0200
commit575534e7cca310c6d6195ab16d482bf9dfba755e (patch)
treefe105929f6a248c7df979d686b6902c8bacf84b7 /lib/connection.cpp
parent8e58d28ca0517aeeb43c99bd97ec9ba5ada11c95 (diff)
downloadlibquotient-575534e7cca310c6d6195ab16d482bf9dfba755e.tar.gz
libquotient-575534e7cca310c6d6195ab16d482bf9dfba755e.zip
Disallow direct events construction from JSON
Direct construction (using makeEvent() or explicitly constructing an event) from JSON may create an event that has a type conflicting with that stored in JSON. There's no such problem with loadEvent(), even though it's considerably slower. Driven by the fact that almost nowhere in the code direct construction is used on checked JSON (one test is the only valid case), this commit moves all JSON-loading constructors to the protected section, thereby disabling usage of makeEvent() in JSON-loading capacity, and switches such cases across the library to loadEvent().
Diffstat (limited to 'lib/connection.cpp')
-rw-r--r--lib/connection.cpp10
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/connection.cpp b/lib/connection.cpp
index 471dc20d..a33ace51 100644
--- a/lib/connection.cpp
+++ b/lib/connection.cpp
@@ -2242,10 +2242,12 @@ void Connection::saveOlmAccount()
#ifdef Quotient_E2EE_ENABLED
QJsonObject Connection::decryptNotification(const QJsonObject &notification)
{
- auto r = room(notification["room_id"].toString());
- auto event = makeEvent<EncryptedEvent>(notification["event"].toObject());
- const auto decrypted = r->decryptMessage(*event);
- return decrypted ? decrypted->fullJson() : QJsonObject();
+ if (auto r = room(notification["room_id"].toString()))
+ if (auto event =
+ loadEvent<EncryptedEvent>(notification["event"].toObject()))
+ if (const auto decrypted = r->decryptMessage(*event))
+ return decrypted->fullJson();
+ return QJsonObject();
}
Database* Connection::database() const