Validate dcOption secrets.

John Preston 2019-07-11 12:20:37 +02:00
parent 2fad4e9956
commit cabe06256b
4 changed files with 15 additions and 1 deletions


@ -361,7 +361,7 @@ void ConnectionPrivate::appendTestConnection(
_connectionOptions->proxy),
priority
});
auto weak = _testConnections.back().data.get();
const auto weak = _testConnections.back().data.get();
connect(weak, &AbstractConnection::error, [=](int errorCode) {
onError(weak, errorCode);
});


@ -225,6 +225,7 @@ bytes::const_span TcpConnection::Protocol::VersionD::readPacket(
auto TcpConnection::Protocol::Create(bytes::const_span secret)
-> std::unique_ptr<Protocol> {
// See also DcOptions::ValidateSecret.
if ((secret.size() >= 21 && secret[0] == bytes::type(0xEE))
|| (secret.size() == 17 && secret[0] == bytes::type(0xDD))) {
return std::make_unique<VersionD>(
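Review bot: The acceptance rule for 0xEE- and 0xDD-prefixed secrets is now written out twice, here in `TcpConnection::Protocol::Create` and in `DcOptions::ValidateSecret`, and only the two `// See also` comments keep the copies aligned. If one side is edited alone, `DcOptions::lookup` could let through a secret that `Create` does not treat as intended, or drop one that `Create` supports. A single shared predicate called from both places, for example a helper such as `IsVersionDSecret(secret)` (the name is only a suggestion), would remove that drift risk. The rest of `Create` lies outside the hunk, so how 16-byte and empty secrets are handled there cannot be confirmed from this page.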


@ -8,6 +8,7 @@ https://github.com/telegramdesktop/tdesktop/blob/master/LEGAL
#include "mtproto/dc_options.h"
#include "storage/serialize_common.h"
#include "mtproto/connection_tcp.h"
namespace MTP {
namespace {
@ -87,6 +88,14 @@ private:
};
bool DcOptions::ValidateSecret(bytes::const_span secret) {
// See also TcpConnection::Protocol::Create.
return (secret.size() >= 21 && secret[0] == bytes::type(0xEE))
|| (secret.size() == 17 && secret[0] == bytes::type(0xDD))
|| (secret.size() == 16)
|| secret.empty();
}
void DcOptions::readBuiltInPublicKeys() {
for (const auto key : PublicRSAKeys) {
const auto keyBytes = bytes::make_span(key, strlen(key));
@ -596,6 +605,8 @@ auto DcOptions::lookup(
} else if (type != DcType::MediaDownload
&& (flags & Flag::f_media_only)) {
continue;
} else if (!ValidateSecret(endpoint.secret)) {
continue;
}
const auto address = (flags & Flag::f_ipv6)
? Variants::IPv6
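Review bot: In `DcOptions::lookup` the new `else if (!ValidateSecret(endpoint.secret)) { continue; }` branch drops the endpoint without leaving any trace, so a DC whose options all carry malformed secrets would simply look unreachable. A debug log entry before the `continue` that records `endpoint.secret.size()` (not the secret bytes) would let a bad or tampered option list be told apart from a network failure. Separately, the 0xEE case in `ValidateSecret` accepts any length `>= 21` with no upper bound; if the code that consumes the trailing bytes has a maximum, it would be safer to enforce it in this check as well. The body of `lookup` starts and ends outside the hunk, so whether rejected secrets are also filtered when options are stored or deserialized is not visible here.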


@ -48,6 +48,8 @@ public:
};
[[nodiscard]] static bool ValidateSecret(bytes::const_span secret);
// construct methods don't notify "changed" subscribers.
void constructFromSerialized(const QByteArray &serialized);
void constructFromBuiltIn();
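Review bot: `ValidateSecret` is declared without a comment stating which secret shapes count as valid, so a caller has to open the definition to learn the contract. A one-line comment above the declaration would cover it, for example `// True for an empty secret, a 16-byte secret, 17 bytes starting with 0xDD, or >= 21 bytes starting with 0xEE.` The class body starts and ends outside the hunk.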