KeyVerificationSession: be more vigilant with the received commitment

The commitment is now checked to actually be valid base64 as we receive it. Also, it is stored as QByteArray now - thanks to QString and QByteArray having the same layout (3 pointers + alignment) we can get away with this without breaking ABI compat.
quotient-im · Nov 20, 2024 · 9e8d10a · 9e8d10a
1 parent efd12a6
commit 9e8d10a
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/Quotient/keyverificationsession.cpp b/Quotient/keyverificationsession.cpp
@@ -164,7 +164,12 @@ void KeyVerificationSession::handleEvent(const KeyVerificationEvent& baseEvent)
                     cancelVerification(UNKNOWN_METHOD);
                     return false;
                 }
-                m_commitment = event.commitment();
+                m_commitment = event.commitment().toLatin1();
+                if (!QByteArray::fromBase64Encoding(m_commitment,
+                                                   QByteArray::AbortOnBase64DecodingErrors)) {
+                    cancelVerification(INVALID_MESSAGE);
+                    return false;
+                }
                 sendKey();
                 setState(WAITINGFORKEY);
                 return true;
@@ -228,12 +233,10 @@ void KeyVerificationSession::handleKey(const KeyVerificationKeyEvent& event)
     olm_sas_set_their_key(olmData, eventKey.data(), unsignedSize(eventKey));
 
     if (startSentByUs) {
-        const auto paddedCommitment =
+        const auto unpaddedCommitment =
             QCryptographicHash::hash((event.key() % m_startEvent).toLatin1(),
                                      QCryptographicHash::Sha256)
-                .toBase64();
-        const QLatin1String unpaddedCommitment(paddedCommitment.constData(),
-                                               QString::fromLatin1(paddedCommitment).indexOf(u'='));
+                .toBase64(QByteArray::OmitTrailingEquals);
         if (unpaddedCommitment != m_commitment) {
             qCWarning(E2EE) << "Commitment mismatch; aborting verification";
             cancelVerification(MISMATCHED_COMMITMENT);

diff --git a/Quotient/keyverificationsession.h b/Quotient/keyverificationsession.h
@@ -158,7 +158,7 @@ public Q_SLOTS:
     State m_state = INCOMING;
     Error m_error = NONE;
     QString m_startEvent{};
-    QString m_commitment{};
+    QByteArray m_commitment{};
     bool macReceived = false;
     bool m_verified = false;
     QString m_pendingEdKeyId{};