1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-12-22 15:25:48 +01:00

Protect against sending a file to oneself.

When a user sends a file to oneself (which is only possible
as a chat command), then the two file transfer data structures
have the same id, which causes confusion.  We used to detect
this case too late, detect it earlier.

Thanks to J.-J. Sarton for the report.
This commit is contained in:
Juliusz Chroboczek 2024-12-01 21:40:50 +01:00
parent 6f6cce94fa
commit 86eeb3d8cf

View file

@ -2198,6 +2198,7 @@ ServerConnection.prototype.fileTransfer = function(id, username, message) {
'perhaps you need to upgrade your client ?'); 'perhaps you need to upgrade your client ?');
return; return;
} }
let f = new TransferredFile( let f = new TransferredFile(
sc, id, message.id, false, username, sc, id, message.id, false, username,
message.name, message.mimetype, message.size, message.name, message.mimetype, message.size,
@ -2205,6 +2206,15 @@ ServerConnection.prototype.fileTransfer = function(id, username, message) {
f.version = version; f.version = version;
f.state = 'inviting'; f.state = 'inviting';
let fid = f.fullid();
if(fid in sc.transferredFiles) {
sendFileCancel(sc, id, message.id,
'Duplicate file transfer id; ' +
'perhaps you have tried to send a file to yourself?');
return;
}
try { try {
if(sc.onfiletransfer) if(sc.onfiletransfer)
sc.onfiletransfer.call(sc, f); sc.onfiletransfer.call(sc, f);
@ -2217,16 +2227,6 @@ ServerConnection.prototype.fileTransfer = function(id, username, message) {
return; return;
} }
let fid = f.fullid();
if(fid in sc.transferredFiles) {
if(id === sc.id) {
f.cancel('cannot send file to self');
} else {
console.error('Duplicate id for file transfer');
f.cancel("duplicate id (this shouldn't happen)");
}
return;
}
sc.transferredFiles[fid] = f; sc.transferredFiles[fid] = f;
break; break;
} }