Do not trust external documents from secret chats.

GitOrigin-RevId: e0341ce1e2017c6d0b8ac44e18fc9e03de65ccbe
2019-06-17 16:46:20 +03:00 · 2019-06-17 16:46:20 +03:00 · b75c532f2d
commit b75c532f2d
parent cfc9cc5f28
3 changed files with 23 additions and 11 deletions
--- a/td/telegram/DocumentsManager.cpp
+++ b/td/telegram/DocumentsManager.cpp
@ -215,6 +215,7 @@ Document DocumentsManager::on_get_document(RemoteDocument remote_document, Dialo
  bool is_web = false;
  bool is_web_no_proxy = false;
  string url;
+  FileLocationSource source = FileLocationSource::FromServer;
  if (remote_document.document != nullptr) {
    auto document = std::move(remote_document.document);

@ -225,6 +226,15 @@ Document DocumentsManager::on_get_document(RemoteDocument remote_document, Dialo
    mime_type = std::move(document->mime_type_);
    file_reference = document->file_reference_.as_slice().str();

+    if (owner_dialog_id.get_type() == DialogType::SecretChat) {
+      // secret_api::decryptedMessageMediaExternalDocument
+      if (document_type != Document::Type::Sticker) {
+        LOG(ERROR) << "Receive " << document_type << " in " << owner_dialog_id;
+        return {};
+      }
+      source = FileLocationSource::FromUser;
+    }
+
    if (document_type != Document::Type::VoiceNote) {
      for (auto &thumb : document->thumbs_) {
        auto photo_size = get_photo_size(td_->file_manager_.get(), {FileType::Thumbnail, 0}, id, access_hash,
@ -302,7 +312,7 @@ Document DocumentsManager::on_get_document(RemoteDocument remote_document, Dialo
    }
  }

-  LOG(DEBUG) << "Receive document with id = " << id << " of type " << static_cast<int32>(document_type);
+  LOG(DEBUG) << "Receive document with id = " << id << " of type " << document_type;
  if (!is_web && !DcId::is_valid(dc_id)) {
    LOG(ERROR) << "Wrong dc_id = " << dc_id;
    return {};
@ -321,14 +331,14 @@ Document DocumentsManager::on_get_document(RemoteDocument remote_document, Dialo
  FileId file_id;
  if (!is_web) {
    file_id = td_->file_manager_->register_remote(
-        FullRemoteFileLocation(file_type, id, access_hash, DcId::internal(dc_id), std::move(file_reference)),
-        FileLocationSource::FromServer, owner_dialog_id, size, 0, suggested_file_name);
+        FullRemoteFileLocation(file_type, id, access_hash, DcId::internal(dc_id), std::move(file_reference)), source,
+        owner_dialog_id, size, 0, suggested_file_name);
    if (!encryption_key.empty()) {
      td_->file_manager_->set_encryption_key(file_id, std::move(encryption_key));
    }
  } else if (!is_web_no_proxy) {
-    file_id = td_->file_manager_->register_remote(FullRemoteFileLocation(file_type, url, access_hash),
-                                                  FileLocationSource::FromServer, owner_dialog_id, 0, size, file_name);
+    file_id = td_->file_manager_->register_remote(FullRemoteFileLocation(file_type, url, access_hash), source,
+                                                  owner_dialog_id, 0, size, file_name);
  } else {
    auto r_file_id = td_->file_manager_->from_persistent_id(url, file_type);
    if (r_file_id.is_error()) {
--- a/td/telegram/Photo.cpp
+++ b/td/telegram/Photo.cpp
@ -134,9 +134,11 @@ static FileId register_photo(FileManager *file_manager, const PhotoSizeSource &s
             << "]. Id: (" << id << ", " << access_hash << ")";
  auto suggested_name = PSTRING() << static_cast<uint64>(volume_id) << "_" << static_cast<uint64>(local_id)
                                  << (is_webp ? ".webp" : (is_png ? ".png" : ".jpg"));
+  auto file_location_source = owner_dialog_id.get_type() == DialogType::SecretChat ? FileLocationSource::FromUser
+                                                                                   : FileLocationSource::FromServer;
  return file_manager->register_remote(
      FullRemoteFileLocation(source, id, access_hash, local_id, volume_id, dc_id, std::move(file_reference)),
-      FileLocationSource::FromServer, owner_dialog_id, file_size, 0, std::move(suggested_name));
+      file_location_source, owner_dialog_id, file_size, 0, std::move(suggested_name));
 }

 ProfilePhoto get_profile_photo(FileManager *file_manager, UserId user_id, int64 user_access_hash,
--- a/td/telegram/StickersManager.cpp
+++ b/td/telegram/StickersManager.cpp
@ -1646,7 +1646,6 @@ SecretInputMedia StickersManager::get_secret_input_media(FileId sticker_file_id,
    return {};
  }

-  vector<tl_object_ptr<secret_api::DocumentAttribute>> attributes;
  tl_object_ptr<secret_api::InputStickerSet> input_sticker_set = make_tl_object<secret_api::inputStickerSetEmpty>();
  if (sticker->set_id) {
    const StickerSet *sticker_set = get_sticker_set(sticker->set_id);
@ -1657,12 +1656,13 @@ SecretInputMedia StickersManager::get_secret_input_media(FileId sticker_file_id,
      // TODO load sticker set
    }
  }
-  attributes.push_back(
-      make_tl_object<secret_api::documentAttributeSticker>(sticker->alt, std::move(input_sticker_set)));

+  vector<tl_object_ptr<secret_api::DocumentAttribute>> attributes;
+  attributes.push_back(
+      secret_api::make_object<secret_api::documentAttributeSticker>(sticker->alt, std::move(input_sticker_set)));
  if (sticker->dimensions.width != 0 && sticker->dimensions.height != 0) {
-    attributes.push_back(
-        make_tl_object<secret_api::documentAttributeImageSize>(sticker->dimensions.width, sticker->dimensions.height));
+    attributes.push_back(secret_api::make_object<secret_api::documentAttributeImageSize>(sticker->dimensions.width,
+                                                                                         sticker->dimensions.height));
  }

  if (file_view.is_encrypted_secret()) {