From 4a6d28e11882710beeb447e26d39f5e3d7c9a92a Mon Sep 17 00:00:00 2001 From: Scott Nonnenberg Date: Tue, 17 Aug 2021 11:40:55 -0700 Subject: [PATCH] MessageReceiver: Drop blocked senders only after processing SKDMs --- ts/textsecure/MessageReceiver.ts | 56 ++++++++++++++------------------ 1 file changed, 25 insertions(+), 31 deletions(-) diff --git a/ts/textsecure/MessageReceiver.ts b/ts/textsecure/MessageReceiver.ts index 4f95331322b..7b38c456d3e 100644 --- a/ts/textsecure/MessageReceiver.ts +++ b/ts/textsecure/MessageReceiver.ts @@ -290,16 +290,6 @@ export default class MessageReceiver // fault, and we should handle them gracefully and tell the // user they received an invalid message - if (envelope.source && this.isBlocked(envelope.source)) { - request.respond(200, 'OK'); - return; - } - - if (envelope.sourceUuid && this.isUuidBlocked(envelope.sourceUuid)) { - request.respond(200, 'OK'); - return; - } - this.decryptAndCache(envelope, plaintext, request); this.processedCount += 1; } catch (e) { @@ -937,7 +927,7 @@ export default class MessageReceiver const task = createTaskWithTimeout(async (): Promise => { const unsealedEnvelope = await this.unsealEnvelope(stores, envelope); if (!unsealedEnvelope) { - // Envelope was dropped or sender is blocked + // Envelope was dropped return { envelope, plaintext: undefined }; } @@ -1065,11 +1055,8 @@ export default class MessageReceiver unsealedContent: messageContent, }; - const validationResult = await this.validateUnsealedEnvelope(newEnvelope); - if (validationResult && validationResult.isBlocked) { - this.removeFromCache(envelope); - return undefined; - } + // This will throw if there's a problem + this.validateUnsealedEnvelope(newEnvelope); return newEnvelope; } @@ -1144,12 +1131,20 @@ export default class MessageReceiver ); } + if ( + (envelope.source && this.isBlocked(envelope.source)) || + (envelope.sourceUuid && this.isUuidBlocked(envelope.sourceUuid)) + ) { + window.log.info( + 'MessageReceiver.decryptEnvelope: Dropping message from blocked sender' + ); + return { plaintext: undefined, envelope }; + } + return { plaintext, envelope }; } - private async validateUnsealedEnvelope( - envelope: UnsealedEnvelope - ): Promise<{ isBlocked: true } | void> { + private validateUnsealedEnvelope(envelope: UnsealedEnvelope): void { const { unsealedContent: messageContent, certificate } = envelope; strictAssert( messageContent !== undefined, @@ -1160,17 +1155,6 @@ export default class MessageReceiver 'Missing sender certificate for sealed sender message' ); - if ( - (envelope.source && this.isBlocked(envelope.source)) || - (envelope.sourceUuid && this.isUuidBlocked(envelope.sourceUuid)) - ) { - window.log.info( - 'MessageReceiver.validateUnsealedEnvelope: Dropping blocked message ' + - 'after partial sealed sender decryption' - ); - return { isBlocked: true }; - } - if (!envelope.serverTimestamp) { throw new Error( 'MessageReceiver.decryptSealedSender: ' + @@ -1486,7 +1470,7 @@ export default class MessageReceiver const uuid = envelope.sourceUuid; const deviceId = envelope.sourceDevice; - // We don't do a light session reset if it's just a duplicated message + // We don't do anything if it's just a duplicated message if ( error?.message?.includes && error.message.includes('message with old counter') @@ -1503,6 +1487,16 @@ export default class MessageReceiver throw error; } + if ( + (envelope.source && this.isBlocked(envelope.source)) || + (envelope.sourceUuid && this.isUuidBlocked(envelope.sourceUuid)) + ) { + window.log.info( + 'MessageReceiver.decrypt: Error from blocked sender; no further processing' + ); + throw error; + } + if (uuid && deviceId) { const { usmc } = envelope; const event = new DecryptionErrorEvent({