From 84446832719bb8775bb8160fe1101843933a3320 Mon Sep 17 00:00:00 2001 From: Nicolas Werner Date: Sun, 25 Jul 2021 13:51:21 +0200 Subject: [PATCH] Don't send encrypted olm messages to ourselves --- src/Olm.cpp | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/src/Olm.cpp b/src/Olm.cpp index 69503e6e..db4d771f 100644 --- a/src/Olm.cpp +++ b/src/Olm.cpp @@ -212,6 +212,11 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey nhlog::crypto()->info("sender : {}", msg.sender); nhlog::crypto()->info("sender_key: {}", msg.sender_key); + if (msg.sender_key == olm::client()->identity_keys().ed25519) { + nhlog::crypto()->warn("Ignoring olm message from ourselves!"); + return; + } + const auto my_key = olm::client()->identity_keys().curve25519; bool failed_decryption = false; @@ -1089,6 +1094,8 @@ send_encrypted_to_device_messages(const std::map> pks; + auto our_curve = olm::client()->identity_keys().curve25519; + for (const auto &[user, devices] : targets) { auto deviceKeys = cache::client()->userKeys(user); @@ -1122,8 +1129,14 @@ send_encrypted_to_device_messages(const std::mapwarn("Skipping our own device, since sending " + "ourselves olm messages makes no sense."); + continue; + } + + auto session = cache::getLatestOlmSession(device_curve); if (!session || force_new_session) { claims.one_time_keys[user][device] = mtx::crypto::SIGNED_CURVE25519; pks[user][device].ed25519 = d.keys.at("ed25519:" + device); @@ -1137,7 +1150,7 @@ send_encrypted_to_device_messages(const std::map(); try { @@ -1256,8 +1269,8 @@ send_encrypted_to_device_messages(const std::mapquery_keys( req, - [ev_json, BindPks](const mtx::responses::QueryKeys &res, - mtx::http::RequestErr err) { + [ev_json, BindPks, our_curve](const mtx::responses::QueryKeys &res, + mtx::http::RequestErr err) { if (err) { nhlog::net()->warn("failed to query device keys: {} {}", err->matrix_error.error, 
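Review bot: The new self-message guard in handle_olm_message compares `msg.sender_key` with `identity_keys().ed25519`, but the `sender_key` of an Olm to-device event is the sender's Curve25519 identity key, so this condition is unlikely ever to be true. Messages from our own device would then still reach the decryption path. The context line directly below already reads `identity_keys().curve25519` into `my_key`, and the send-side hunks of this patch compare against `our_curve`, so the guard should probably be `if (msg.sender_key == olm::client()->identity_keys().curve25519) {`. Note that `sender_key` is supplied by the sender and is not authenticated at this point, so the check is only a filter; the function body continues outside the hunk.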
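Review bot: The skip branch added to the device loop of send_encrypted_to_device_messages logs at `warn`, which looks too loud for what is probably a routine case. Our own device seems likely to appear in `targets` whenever the local user is among the recipients (inferred, since the surrounding loop lines are only partly visible here), so each such send would emit a warning. Logging it with `debug(` instead of `warn(` would keep the warning channel for real anomalies. The same applies to the identical branch added in the query_keys callback hunk at -1299. A one-line comment such as `// compare Curve25519 identity keys; an Olm session with our own device is never useful` above the check would record why the device is dropped.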
@@ -1299,6 +1312,13 @@ send_encrypted_to_device_messages(const std::mapwarn( + "Skipping our own device, since sending " + "ourselves olm messages makes no sense."); + continue; + } + try { if (!mtx::crypto::verify_identity_signature( dev.second, device_id, user_id)) {