authorChristian Schneppe <christian@pix-art.de>2019-09-19 11:35:17 +0200
committerChristian Schneppe <christian@pix-art.de>2019-09-19 11:35:17 +0200
commit2a55037993f2397a2f8bf6f6a99fdd8f26a5a348 (patch)
treeec3234a66ead4cf8fa2b9414deaa82453548e6bd /src/main/java/de/pixart/messenger/parser/MessageParser.java
parentf65fa8fb0bea4ba367a6262a6112547903729162 (diff)
do not finish or repair sessions for untrusted senders
Finishing (sending a key transport message in response to a pre-key message) as well as repairing sessions will leak resource and availability and might, in certain situations in group chats, leak the Jabber ID. Therefore we disable that. Leaking the resource might not be considered harmful by a lot of people; however, we have always been doing similar things with receipts.
Diffstat (limited to 'src/main/java/de/pixart/messenger/parser/MessageParser.java')
-rw-r--r--src/main/java/de/pixart/messenger/parser/MessageParser.java9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/main/java/de/pixart/messenger/parser/MessageParser.java b/src/main/java/de/pixart/messenger/parser/MessageParser.java
index cd747b2d1..3d9b5d881 100644
--- a/src/main/java/de/pixart/messenger/parser/MessageParser.java
+++ b/src/main/java/de/pixart/messenger/parser/MessageParser.java
@@ -218,8 +218,13 @@ public class MessageParser extends AbstractParser implements OnMessagePacketRece
plaintextMessage = service.processReceivingPayloadMessage(xmppAxolotlMessage, postpone);
} catch (BrokenSessionException e) {
if (checkedForDuplicates) {
- service.reportBrokenSessionException(e, postpone);
- return new Message(conversation, "", Message.ENCRYPTION_AXOLOTL_FAILED, status);
+ if (service.trustedOrPreviouslyResponded(from.asBareJid())) {
+ service.reportBrokenSessionException(e, postpone);
+ return new Message(conversation, "", Message.ENCRYPTION_AXOLOTL_FAILED, status);
+ } else {
+ Log.d(Config.LOGTAG, "ignoring broken session exception because contact was not trusted");
+ return new Message(conversation, "", Message.ENCRYPTION_AXOLOTL_FAILED, status);
+ }
} else {
Log.d(Config.LOGTAG, "ignoring broken session exception because checkForDuplicates failed");
//TODO should be still emit a failed message?
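Review bot: The new `service.trustedOrPreviouslyResponded(from.asBareJid())` guard inside the `checkedForDuplicates` branch has no comment explaining why it exists, so the privacy reason (a repair response reveals resource and availability to a sender the user never trusted or answered) lives only in the commit message; a line such as `// repairing answers the sender and reveals our resource/availability, so only do it for trusted contacts` above the `if` would keep the check from being dropped in a later cleanup. Both arms also end in the identical `return new Message(conversation, "", Message.ENCRYPTION_AXOLOTL_FAILED, status);`, so the `else` could hold only the `Log.d` call, with a single return after the `if`/`else`. It is also worth confirming that `from` is the sender's real JID rather than a room occupant address in group chats, since the trust lookup depends on it; where `from` is derived is not visible here. The enclosing method starts and ends outside the hunk.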