dnrops
/
cryptpad
mirror of https://github.com/xwiki-labs/cryptpad
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ensure that the correct form of a signing key is used

This commit is contained in:
ansuz 2022-08-23 16:08:57 +05:30
parent 183fae6948
commit d05063a5a2
2 changed files with 12 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/commands/admin-rpc.js
View File

@ -381,20 +381,15 @@ var isValidKey = key => {
var getUserTotalSize = function (Env, Server, cb, data) { var getUserTotalSize = function (Env, Server, cb, data) {
var signingKey = Array.isArray(data) && data[1]; var signingKey = Array.isArray(data) && data[1];
if (!isValidKey(signingKey)) { return void cb("EINVAL"); } if (!isValidKey(signingKey)) { return void cb("EINVAL"); }
Pinning.getTotalSize(Env, signingKey, cb); // XXX frequently incorrect... var safeKey = Util.escapeKeyCharacters(signingKey);
Pinning.getTotalSize(Env, safeKey, cb);
}; };
var getPinActivity = function (Env, Server, cb, data) { var getPinActivity = function (Env, Server, cb, data) {
var signingKey = Array.isArray(data) && data[1]; var signingKey = Array.isArray(data) && data[1];
if (!isValidKey(signingKey)) { return void cb("EINVAL"); } if (!isValidKey(signingKey)) { return void cb("EINVAL"); }
// the db-worker ensures the signing key is of the appropriate form
Env.getPinActivity(signingKey, function (err, response) { Env.getPinActivity(signingKey, function (err, response) {
// XXX
/*
Env.Log.debug('GET_PIN_ACTIVITY', {
error: err,
response: response,
});
*/
if (err) { return void cb(err && err.code); } if (err) { return void cb(err && err.code); }
cb(void 0, response); cb(void 0, response);
}); });

14
lib/workers/db-worker.js
View File

@ -381,8 +381,8 @@ const getOlderHistory = function (data, cb) {
}; };
const getPinState = function (data, cb) { const getPinState = function (data, cb) {
const safeKey = data.key; if (typeof(data.key) !== 'string') { return void cb('INVALID_KEY'); }
const safeKey = Util.escapeKeyCharacters(data.key);
var ref = {}; var ref = {};
var lineHandler = Pins.createLineHandler(ref, Env.Log.error); var lineHandler = Pins.createLineHandler(ref, Env.Log.error);
@ -504,8 +504,9 @@ const getHashOffset = function (data, cb) {
}; };
const removeOwnedBlob = function (data, cb) { const removeOwnedBlob = function (data, cb) {
if (typeof(data.safeKey) !== 'string') { return void cb("INVALID_KEY"); }
const blobId = data.blobId; const blobId = data.blobId;
const safeKey = data.safeKey; const safeKey = Util.escapeKeyCharacters(data.safeKey);
nThen(function (w) { nThen(function (w) {
// check if you have permissions // check if you have permissions
@ -570,8 +571,9 @@ var reportStatus = function (Env, label, safeKey, err, id, size) {
const completeUpload = function (data, cb) { const completeUpload = function (data, cb) {
if (!data) { return void cb('INVALID_ARGS'); } if (!data) { return void cb('INVALID_ARGS'); }
if (typeof(data.key) !== 'string') { return void cb("INVALID_KEY"); }
var owned = data.owned; var owned = data.owned;
var safeKey = data.safeKey; var safeKey = Util.escapeKeyCharacters(data.safeKey);
var arg = data.arg; var arg = data.arg;
var size = data.size; var size = data.size;
@ -593,9 +595,11 @@ const completeUpload = function (data, cb) {
const getPinActivity = function (data, cb) { const getPinActivity = function (data, cb) {
if (!data) { return void cb("INVALID_ARGS"); } if (!data) { return void cb("INVALID_ARGS"); }
if (typeof(data.key) !== 'string') { return void cb("INVALID_KEY"); }
var safeKey = Util.escapeKeyCharacters(data.key);
var first; var first;
var latest; var latest;
pinStore.getMessages(data.key, line => { pinStore.getMessages(safeKey, line => {
if (!line || !line.trim()) { return; } if (!line || !line.trim()) { return; }
try { try {
var parsed = JSON.parse(line); var parsed = JSON.parse(line);