Reject key requests for users that are not members of the room

2018-07-21 21:40:11 +03:00 · 2018-07-21 21:40:11 +03:00 · 5dfd26abc5
parent a823a43686
commit 5dfd26abc5
3 changed files with 24 additions and 0 deletions
--- a/src/Cache.cpp
+++ b/src/Cache.cpp
@ -1714,6 +1714,19 @@ Cache::getMembers(const std::string &room_id, std::size_t startIndex, std::size_
        return members;
 }

+bool
+Cache::isRoomMember(const std::string &user_id, const std::string &room_id)
+{
+        auto txn = lmdb::txn::begin(env_);
+        auto db  = getMembersDb(txn, room_id);
+
+        lmdb::val value;
+        bool res = lmdb::dbi_get(txn, db, lmdb::val(user_id), value);
+        txn.commit();
+
+        return res;
+}
+
 void
 Cache::saveTimelineMessages(lmdb::txn &txn,
                            const std::string &room_id,
--- a/src/Cache.h
+++ b/src/Cache.h
@ -400,6 +400,9 @@ public:
        void setDeviceList(const std::string &user_id, const std::vector<std::string> &devices);
        std::vector<std::string> getDeviceList(const std::string &user_id);

+        //! Check if a user is a member of the room.
+        bool isRoomMember(const std::string &user_id, const std::string &room_id);
+
        //
        // Outbound Megolm Sessions
        //
--- a/src/Olm.cpp
+++ b/src/Olm.cpp
@ -369,6 +369,14 @@ handle_key_request_message(const mtx::events::msg::KeyRequest &req)
                return;
        }

+        if (!cache::client()->isRoomMember(req.sender, req.room_id)) {
+                nhlog::crypto()->warn(
+                  "user {} that requested the session key is not member of the room {}",
+                  req.sender,
+                  req.room_id);
+                return;
+        }
+
        //
        // Prepare the m.room_key event.
        //