Verify makeAttachmentPointer and encryptAttachment arguments

The underlying `crypto.subtle.encrypt` API requires it.
2018-03-16 15:32:54 -04:00 · 2018-03-16 15:32:54 -04:00 · 32911002d4
commit 32911002d4
parent 8218e308cd
2 changed files with 18 additions and 0 deletions
--- a/libtextsecure/crypto.js
+++ b/libtextsecure/crypto.js
@ -87,6 +87,13 @@
        },

        encryptAttachment: function(plaintext, keys, iv) {
+            if (!(plaintext instanceof ArrayBuffer) && !ArrayBuffer.isView(plaintext)) {
+              throw new TypeError(
+                '`plaintext` must be an `ArrayBuffer` or `ArrayBufferView`; got: ' +
+                typeof plaintext
+              );
+            }
+
            if (keys.byteLength != 64) {
                throw new Error("Got invalid length attachment keys");
            }
--- a/libtextsecure/sendmessage.js
+++ b/libtextsecure/sendmessage.js
@ -116,10 +116,21 @@ function MessageSender(url, username, password, cdn_url) {

 MessageSender.prototype = {
    constructor: MessageSender,
+
+//  makeAttachmentPointer :: Attachment -> Promise AttachmentPointerProto
    makeAttachmentPointer: function(attachment) {
        if (typeof attachment !== 'object' || attachment == null) {
            return Promise.resolve(undefined);
        }
+
+        if (!(attachment.data instanceof ArrayBuffer) &&
+            !ArrayBuffer.isView(attachment.data)) {
+          return Promise.reject(new TypeError(
+            '`attachment.data` must be an `ArrayBuffer` or `ArrayBufferView`; got: ' +
+            typeof attachment.data
+          ));
+        }
+
        var proto = new textsecure.protobuf.AttachmentPointer();
        proto.key = libsignal.crypto.getRandomBytes(64);