From 4c30996f28bfb6507eb5fb6f730a8769f8d964e3 Mon Sep 17 00:00:00 2001 From: Kitsune Ral Date: Thu, 10 Jan 2019 16:46:57 +0900 Subject: Security fix: require that state events have state_key This has been fixed in the past but got undone after the great remaking of the event types system. Further commits will introduce tests to make sure this does not get undone again. --- lib/events/stateevent.cpp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/events/stateevent.cpp b/lib/events/stateevent.cpp index c4151676..e96614d2 100644 --- a/lib/events/stateevent.cpp +++ b/lib/events/stateevent.cpp @@ -25,13 +25,15 @@ using namespace QMatrixClient; // but the event type is unknown. [[gnu::unused]] static auto stateEventTypeInitialised = RoomEvent::factory_t::addMethod( - [] (const QJsonObject& json, const QString& matrixType) + [] (const QJsonObject& json, const QString& matrixType) -> StateEventPtr { + if (!json.contains("state_key")) + return nullptr; + if (auto e = StateEventBase::factory_t::make(json, matrixType)) return e; - return json.contains("state_key") - ? makeEvent(unknownEventTypeId(), json) - : nullptr; + + return makeEvent(unknownEventTypeId(), json); }); bool StateEventBase::repeatsState() const -- cgit v1.2.3 From e2c0148960e6e2b4595599de94d7a867f13782a0 Mon Sep 17 00:00:00 2001 From: Kitsune Ral Date: Thu, 10 Jan 2019 16:52:31 +0900 Subject: qmc-example: add setTopic test for true and fake state changes --- examples/qmc-example.cpp | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/examples/qmc-example.cpp b/examples/qmc-example.cpp index 4b39b032..421ead27 100644 --- a/examples/qmc-example.cpp +++ b/examples/qmc-example.cpp @@ -5,6 +5,7 @@ #include "csapi/room_send.h" #include "csapi/joining.h" #include "csapi/leaving.h" +#include "events/simplestateevents.h" #include #include @@ -34,6 +35,7 @@ class QMCTest : public QObject void sendFile(); void checkFileSendingOutcome(const QString& txnId, const QString& fileName); + void setTopic(); void addAndRemoveTag(); void sendAndRedact(); bool checkRedactionOutcome(const QString& evtIdToRedact); @@ -168,6 +170,7 @@ void QMCTest::doTests() sendMessage(); sendFile(); + setTopic(); addAndRemoveTag(); sendAndRedact(); markDirectChat(); @@ -327,6 +330,46 @@ void QMCTest::checkFileSendingOutcome(const QString& txnId, QMC_CHECK("File sending", false); }); return true; + }); +} + +void QMCTest::setTopic() +{ + static const char* const stateTestName = "State setting test"; + static const char* const fakeStateTestName = "Fake state event immunity test"; + running.push_back(stateTestName); + running.push_back(fakeStateTestName); + auto initialTopic = targetRoom->topic(); + + const auto newTopic = c->generateTxnId(); + targetRoom->setTopic(newTopic); // Sets the state by proper means + const auto fakeTopic = c->generateTxnId(); + targetRoom->postJson(RoomTopicEvent::matrixTypeId(), // Fake state event + RoomTopicEvent(fakeTopic).contentJson()); + + connectUntil(targetRoom, &Room::topicChanged, this, + [this,newTopic,fakeTopic,initialTopic] { + if (targetRoom->topic() == newTopic) + { + QMC_CHECK(stateTestName, true); + // Don't reset the topic yet if the negative test still runs + if (!running.contains(fakeStateTestName)) + targetRoom->setTopic(initialTopic); + + return true; + } + return false; + }); + + connectUntil(targetRoom, &Room::pendingEventAboutToMerge, this, + [this,fakeTopic,initialTopic] (const RoomEvent* e, int) { + if (e->contentJson().value("topic").toString() != fakeTopic) + return false; // Wait on for the right event + + QMC_CHECK(fakeStateTestName, !e->isStateEvent()); + if (!running.contains(fakeStateTestName)) + targetRoom->setTopic(initialTopic); + return true; }); } -- cgit v1.2.3