From 35593443b519e540f918b15a90f09f98b775d18b Mon Sep 17 00:00:00 2001 From: Duke Leto Date: Sat, 29 May 2021 12:50:47 -0400 Subject: [PATCH] Abort when we see funky stuff from secretstream api --- src/chatmodel.cpp | 21 +++++++++++------- src/mainwindow.cpp | 53 ++++++++++++++++++++++------------------------ 2 files changed, 38 insertions(+), 36 deletions(-) diff --git a/src/chatmodel.cpp b/src/chatmodel.cpp index c6b5663..f4cf2d7 100644 --- a/src/chatmodel.cpp +++ b/src/chatmodel.cpp @@ -477,20 +477,23 @@ Tx MainWindow::createTxFromChatPage() { unsigned char pk[crypto_kx_PUBLICKEYBYTES]; unsigned char server_rx[crypto_kx_SESSIONKEYBYTES], server_tx[crypto_kx_SESSIONKEYBYTES]; - if (crypto_kx_seed_keypair(pk,sk, - MESSAGEAS1) !=0) { + if (crypto_kx_seed_keypair(pk,sk, MESSAGEAS1) !=0) { + this->logger->write("Suspicious keypair, bail out "); + qDebug() << __func__<< ": Suspicious client public outgoing key from crypto_kx_seed_keypair, aborting!"; + return; + } - this->logger->write("Suspicious keypair, bail out "); - } ////////////////Get the pubkey from Bob, so we can create the share key const QByteArray pubkeyBobArray = QByteArray::fromHex(pubkey.toLatin1()); const unsigned char *pubkeyBob = reinterpret_cast(pubkeyBobArray.constData()); - /////Create the shared key for sending the message - if (crypto_kx_server_session_keys(server_rx, server_tx, - pk, sk, pubkeyBob) != 0) { - this->logger->write("Suspicious client public send key, bail out "); + /////Create the shared key for sending the message + + if (crypto_kx_server_session_keys(server_rx, server_tx, pk, sk, pubkeyBob) != 0) { + this->logger->write("Suspicious client public send key, bail out "); + qDebug() << __func__ << ": Suspicious client public send key from crypto_kx_server_session_keys, aborting!"; + return; } @@ -821,6 +824,8 @@ Tx MainWindow::createTxForSafeContactRequest() if (crypto_kx_seed_keypair(pk, sk, MESSAGEAS1) !=0) { this->logger->write("Suspicious client public contact request key, bail out "); + qDebug() << __func__ << ": Suspicious client public send key from crypto_kx_seed_keypair, aborting!"; + return; } QString publicKey = QByteArray(reinterpret_cast(pk), crypto_kx_PUBLICKEYBYTES).toHex(); diff --git a/src/mainwindow.cpp b/src/mainwindow.cpp index 05416af..6ab621d 100644 --- a/src/mainwindow.cpp +++ b/src/mainwindow.cpp @@ -1884,21 +1884,22 @@ Tx MainWindow::createTxFromSendChatPage() { unsigned char pk[crypto_kx_PUBLICKEYBYTES]; unsigned char server_rx[crypto_kx_SESSIONKEYBYTES], server_tx[crypto_kx_SESSIONKEYBYTES]; - if (crypto_kx_seed_keypair(pk,sk, - MESSAGEAS1) !=0) { - - this->logger->write("Suspicious keypair, bail out "); - } + if (crypto_kx_seed_keypair(pk,sk, MESSAGEAS1) !=0) { + this->logger->write("Suspicious keypair, bail out "); + qDebug() << __func__ << ": Suspicious client public send key from crypto_kx_seed_keypair, aborting!"; + return; + } ////////////////Get the pubkey from Bob, so we can create the share key const QByteArray pubkeyBobArray = QByteArray::fromHex(pubkey.toLatin1()); const unsigned char *pubkeyBob = reinterpret_cast(pubkeyBobArray.constData()); /////Create the shared key for sending the message - if (crypto_kx_server_session_keys(server_rx, server_tx, - pk, sk, pubkeyBob) != 0) { - this->logger->write("Suspicious client public send key, bail out "); - } + if (crypto_kx_server_session_keys(server_rx, server_tx, pk, sk, pubkeyBob) != 0) { + this->logger->write("Suspicious client public send key, bail out "); + qDebug() << __func__ << ": Suspicious client public send key from crypto_kx_server_session_keys, aborting!"; + return; + } // Let's try to preserve Unicode characters @@ -1937,10 +1938,8 @@ Tx MainWindow::createTxFromSendChatPage() { /////Ciphertext Memo QString memo = QByteArray(reinterpret_cast(ciphertext), CIPHERTEXT_LEN).toHex(); - tx.toAddrs.push_back(ToFields{addr, amtHm, hmemo}); tx.toAddrs.push_back(ToFields{addr, amt, memo}); - } } @@ -2173,21 +2172,22 @@ Tx MainWindow::createTxFromSendRequestChatPage() { unsigned char pk[crypto_kx_PUBLICKEYBYTES]; unsigned char server_rx[crypto_kx_SESSIONKEYBYTES], server_tx[crypto_kx_SESSIONKEYBYTES]; - if (crypto_kx_seed_keypair(pk,sk, - MESSAGEAS1) !=0) { - - this->logger->write("Suspicious keypair, bail out "); - } + if (crypto_kx_seed_keypair(pk,sk, MESSAGEAS1) !=0) { + this->logger->write("Suspicious keypair, bail out "); + qDebug() << __func__<< ": Suspicious client public outgoing key from crypto_kx_seed_keypair, aborting!"; + return; + } ////////////////Get the pubkey from Bob, so we can create the share key const QByteArray pubkeyBobArray = QByteArray::fromHex(pubkey.toLatin1()); const unsigned char *pubkeyBob = reinterpret_cast(pubkeyBobArray.constData()); /////Create the shared key for sending the message - if (crypto_kx_server_session_keys(server_rx, server_tx, - pk, sk, pubkeyBob) != 0) { - this->logger->write("Suspicious client public send key, bail out "); - } + if (crypto_kx_server_session_keys(server_rx, server_tx, pk, sk, pubkeyBob) != 0) { + this->logger->write("Suspicious client public send key, bail out "); + qDebug() << __func__ << ": Suspicious client public send key from crypto_kx_server_session_keys, aborting!"; + return; + } // Let's try to preserve Unicode characters @@ -2417,7 +2417,7 @@ void MainWindow::addNewZaddr(bool sapling) { ui->listReceiveAddresses->insertItem(0, addr); ui->listReceiveAddresses->setCurrentIndex(0); - ui->statusBar->showMessage(QString::fromStdString("Created new zAddr") % + ui->statusBar->showMessage(QString::fromStdString("Created new zaddr") % (sapling ? "(Sapling)" : "(Sprout)"), 10 * 1000); } @@ -2779,11 +2779,8 @@ void MainWindow::slot_change_currency(const QString& currency_name) { saved_currency_name = Settings::getInstance()->get_currency_name(); - } - catch (...) - { - saved_currency_name = "USD"; - + } catch (...) { + saved_currency_name = "BTC"; } } @@ -2845,6 +2842,8 @@ void MainWindow::on_givemeZaddr_clicked() }); } + +// TODO: The way emoji work really need to change, this is madness void MainWindow::on_emojiButton_clicked() { @@ -2961,8 +2960,6 @@ QObject::connect(emoji.sd, &QPushButton::clicked, [&] () { }); - - emojiDialog.exec(); }