diff options
| author | Tobias Fella <fella@posteo.de> | 2022-03-07 20:20:10 +0100 |
|---|---|---|
| committer | Tobias Fella <fella@posteo.de> | 2022-03-07 20:20:10 +0100 |
| commit | cc7056851f92ba5b6224b5b82413ec55fd6aaa7f (patch) | |
| tree | 28a865023492740f1e14320eb187394507b8cfa6 /lib/connection.cpp | |
| parent | 66918a4c7d393a8b22de7bf23009651dbd919366 (diff) | |
| download | libquotient-cc7056851f92ba5b6224b5b82413ec55fd6aaa7f.tar.gz libquotient-cc7056851f92ba5b6224b5b82413ec55fd6aaa7f.zip | |
Guard against device reuse attacks
Diffstat (limited to 'lib/connection.cpp')
| -rw-r--r-- | lib/connection.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/connection.cpp b/lib/connection.cpp index 4abb77a5..ae8532c3 100644 --- a/lib/connection.cpp +++ b/lib/connection.cpp @@ -1998,6 +1998,7 @@ void Connection::Private::loadOutdatedUserDevices() currentQueryKeysJob = nullptr; const auto data = queryKeysJob->deviceKeys(); for(const auto &[user, keys] : asKeyValueRange(data)) { + QHash<QString, Quotient::DeviceKeys> oldDevices = deviceKeys[user]; deviceKeys[user].clear(); for(const auto &device : keys) { if(device.userId != user) { @@ -2019,6 +2020,12 @@ void Connection::Private::loadOutdatedUserDevices() "Skipping this device"; continue; } + if (oldDevices.contains(device.deviceId)) { + if (oldDevices[device.deviceId].keys["ed25519:" % device.deviceId] != device.keys["ed25519:" % device.deviceId]) { + qCDebug(E2EE) << "Device reuse detected. Skipping this device"; + continue; + } + } deviceKeys[user][device.deviceId] = device; } outdatedUsers -= user; |