[BUGFIX] Validate Entry.receiversPubKey for MailboxPayloads

The remove code checks to ensure these fields match, but the add code
never did. This could lead to a situation where a MailboxStoragePayload
could be added, but never removed.
Julian Knutsen 2019-11-14 10:19:28 -08:00
parent 9ffbcf795e
commit bdfe32bd18
No known key found for this signature in database
GPG Key ID: D85F536DB3615B2D
2 changed files with 8 additions and 4 deletions


@ -94,6 +94,13 @@ public class ProtectedMailboxStorageEntry extends ProtectedStorageEntry {
return false;
MailboxStoragePayload mailboxStoragePayload = this.getMailboxStoragePayload();
// Verify the Entry.receiversPubKey matches the Payload.ownerPubKey. This is a requirement for removal
if (!mailboxStoragePayload.getOwnerPubKey().equals(this.receiversPubKey)) {
log.debug("Entry receiversPubKey does not match payload owner which is a requirement for adding MailboxStoragePayloads");
return false;
}
boolean result = mailboxStoragePayload.getSenderPubKeyForAddOperation() != null &&
mailboxStoragePayload.getSenderPubKeyForAddOperation().equals(this.getOwnerPubKey());
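Review bot: The new receiversPubKey check calls `mailboxStoragePayload.getOwnerPubKey().equals(...)` without a null guard, while the statement right after it guards `getSenderPubKeyForAddOperation()` against null. If the owner key can be absent on an entry built from network data (not visible in this hunk), the add validation would throw instead of returning false. A guard such as `if (mailboxStoragePayload.getOwnerPubKey() == null || !mailboxStoragePayload.getOwnerPubKey().equals(this.receiversPubKey)) {` keeps the rejection path uniform. The comment above the check calls the match a requirement for removal while the log message calls it a requirement for adding; a single wording such as `// Entry.receiversPubKey must equal Payload.ownerPubKey on add, because the remove path requires the same match` would avoid the mismatch. The enclosing method starts and ends outside the hunk.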


@ -94,8 +94,6 @@ public class ProtectedMailboxStorageEntryTest {
}
// TESTCASE: validForAddOperation() should fail if Entry.receiversPubKey and Payload.ownerPubKey don't match
// XXXBUGXXX: The current code doesn't validate this mismatch, but it would create an added payload that could never
// be removed since the remove code requires Entry.receiversPubKey == Payload.ownerPubKey
@Test
public void isValidForAddOperation_EntryReceiverPayloadReceiverMismatch() throws NoSuchAlgorithmException, CryptoException {
KeyPair senderKeys = TestUtils.generateKeyPair();
@ -104,8 +102,7 @@ public class ProtectedMailboxStorageEntryTest {
MailboxStoragePayload mailboxStoragePayload = buildMailboxStoragePayload(senderKeys.getPublic(), receiverKeys.getPublic());
ProtectedStorageEntry protectedStorageEntry = buildProtectedMailboxStorageEntry(mailboxStoragePayload, senderKeys, senderKeys.getPublic(), 1);
// should be assertFalse
Assert.assertTrue(protectedStorageEntry.isValidForAddOperation());
Assert.assertFalse(protectedStorageEntry.isValidForAddOperation());
}
// TESTCASE: validForAddOperation() should fail if the signature isn't valid