From 32911002d4d4296a71881fa12e09a7796b60e962 Mon Sep 17 00:00:00 2001 From: Daniel Gasienica Date: Fri, 16 Mar 2018 15:32:54 -0400 Subject: [PATCH] Verify `makeAttachmentPointer` and `encryptAttachment` arguments The underlying `crypto.subtle.encrypt` API requires it. --- libtextsecure/crypto.js | 7 +++++++ libtextsecure/sendmessage.js | 11 +++++++++++ 2 files changed, 18 insertions(+) diff --git a/libtextsecure/crypto.js b/libtextsecure/crypto.js index 24581401d0..7687e2c547 100644 --- a/libtextsecure/crypto.js +++ b/libtextsecure/crypto.js @@ -87,6 +87,13 @@ }, encryptAttachment: function(plaintext, keys, iv) { + if (!(plaintext instanceof ArrayBuffer) && !ArrayBuffer.isView(plaintext)) { + throw new TypeError( + '`plaintext` must be an `ArrayBuffer` or `ArrayBufferView`; got: ' + + typeof plaintext + ); + } + if (keys.byteLength != 64) { throw new Error("Got invalid length attachment keys"); } diff --git a/libtextsecure/sendmessage.js b/libtextsecure/sendmessage.js index 34072020f1..507029355c 100644 --- a/libtextsecure/sendmessage.js +++ b/libtextsecure/sendmessage.js @@ -116,10 +116,21 @@ function MessageSender(url, username, password, cdn_url) { MessageSender.prototype = { constructor: MessageSender, + +// makeAttachmentPointer :: Attachment -> Promise AttachmentPointerProto makeAttachmentPointer: function(attachment) { if (typeof attachment !== 'object' || attachment == null) { return Promise.resolve(undefined); } + + if (!(attachment.data instanceof ArrayBuffer) && + !ArrayBuffer.isView(attachment.data)) { + return Promise.reject(new TypeError( + '`attachment.data` must be an `ArrayBuffer` or `ArrayBufferView`; got: ' + + typeof attachment.data + )); + } + var proto = new textsecure.protobuf.AttachmentPointer(); proto.key = libsignal.crypto.getRandomBytes(64);