andreacavalli/tdlib-fork
Archived
1
0
Fork 0
Code Pull Requests Releases Activity

Check new salt length.

Browse Source 
GitOrigin-RevId: 7f49a0e34dcc33586c05dbab66a02017d94633b2
This commit is contained in:
levlam 2018-04-06 15:20:20 +03:00
parent 3c9599b8aa
commit f7826ec41a
2 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
td/telegram/PasswordManager.cpp
View File

@ -296,9 +296,10 @@ void PasswordManager::update_password_settings(UpdateSettings update_settings, P
namespace { namespace {
BufferSlice create_salt(Slice server_salt) { BufferSlice create_salt(Slice server_salt) {
BufferSlice new_salt(server_salt.size() + 32); static constexpr size_t ADDED_SALT_SIZE = 32;
BufferSlice new_salt(server_salt.size() + ADDED_SALT_SIZE);
new_salt.as_slice().copy_from(server_salt); new_salt.as_slice().copy_from(server_salt);
Random::secure_bytes(new_salt.as_slice().remove_prefix(server_salt.size())); Random::secure_bytes(new_salt.as_slice().substr(server_salt.size()));
return new_salt; return new_salt;
} }
} // namespace } // namespace
@ -390,13 +391,11 @@ void PasswordManager::do_get_state(Promise<PasswordState> promise) {
send_with_promise(std::move(query), PromiseCreator::lambda([actor_id = actor_id(this), promise = std::move(promise)]( send_with_promise(std::move(query), PromiseCreator::lambda([actor_id = actor_id(this), promise = std::move(promise)](
Result<NetQueryPtr> r_query) mutable { Result<NetQueryPtr> r_query) mutable {
if (r_query.is_error()) { if (r_query.is_error()) {
promise.set_error(r_query.move_as_error()); return promise.set_error(r_query.move_as_error());
return;
} }
auto r_result = fetch_result<telegram_api::account_getPassword>(r_query.move_as_ok()); auto r_result = fetch_result<telegram_api::account_getPassword>(r_query.move_as_ok());
if (r_result.is_error()) { if (r_result.is_error()) {
promise.set_error(r_result.move_as_error()); return promise.set_error(r_result.move_as_error());
return;
} }
auto result = r_result.move_as_ok(); auto result = r_result.move_as_ok();
@ -426,6 +425,12 @@ void PasswordManager::do_get_state(Promise<PasswordState> promise) {
UNREACHABLE(); UNREACHABLE();
} }
Random::add_seed(secure_random); Random::add_seed(secure_random);
if (state.new_secure_salt.size() < MIN_NEW_SECURE_SALT_SIZE) {
return promise.set_error(Status::Error(500, "New secure salt length too small"));
}
if (state.new_salt.size() < MIN_NEW_SALT_SIZE) {
return promise.set_error(Status::Error(500, "New salt length too small"));
}
promise.set_value(std::move(state)); promise.set_value(std::move(state));
})); }));
} }

3
td/telegram/PasswordManager.h
View File

@ -68,6 +68,9 @@ class PasswordManager : public NetQueryCallback {
static TempPasswordState get_temp_password_state_sync(); static TempPasswordState get_temp_password_state_sync();
private: private:
static constexpr size_t MIN_NEW_SALT_SIZE = 8;
static constexpr size_t MIN_NEW_SECURE_SALT_SIZE = 8;
ActorShared<> parent_; ActorShared<> parent_;
struct PasswordState { struct PasswordState {