diff options
| author | Alexey Rusakov <Kitsune-Ral@users.sf.net> | 2021-03-04 14:25:21 +0100 |
|---|---|---|
| committer | Alexey Rusakov <Kitsune-Ral@users.sf.net> | 2021-03-04 14:29:12 +0100 |
| commit | 6dc8bc05a95324de512ef7999b47507e712ccb76 (patch) | |
| tree | db2ba277d67fff1b7a2968df853bae5e01ae7f3c /lib/uriresolver.cpp | |
| parent | b5b2d95ce2c8cf164177a86d6293809ff049ca0a (diff) | |
| download | libquotient-6dc8bc05a95324de512ef7999b47507e712ccb76.tar.gz libquotient-6dc8bc05a95324de512ef7999b47507e712ccb76.zip | |
Tighten up against malformed user ids in events
A few months ago 3c85f049 introduced validation of user ids but the rest
of the library code wasn't updated to the fact that Connection::user()
may quite legitimately (if not routinely) return nullptr, leading to
crashes particularaly when malformed ids come from the wire. This commit
adds necessary checks before using the value returned from user().
Closes #456.
Diffstat (limited to 'lib/uriresolver.cpp')
| -rw-r--r-- | lib/uriresolver.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/uriresolver.cpp b/lib/uriresolver.cpp index 27360bcc..e5f19a96 100644 --- a/lib/uriresolver.cpp +++ b/lib/uriresolver.cpp @@ -24,9 +24,9 @@ UriResolveResult UriResolverBase::visitResource(Connection* account, case Uri::UserId: { if (uri.action() == "join") return IncorrectAction; - auto* user = account->user(uri.primaryId()); - Q_ASSERT(user != nullptr); - return visitUser(user, uri.action()); + if (auto* const user = account->user(uri.primaryId())) + return visitUser(user, uri.action()); + return InvalidUri; } case Uri::RoomId: case Uri::RoomAlias: { |