fix(types,blahd): reject timestamps > i64::MAX

oxalica 2024-09-24 20:36:27 -04:00
parent c4fbf1294b
commit a38b59da84
5 changed files with 27 additions and 12 deletions


@ -29,6 +29,8 @@ pub struct VerifyError(#[from] VerifyErrorImpl);
enum VerifyErrorImpl {
#[error("profile id_key mismatch")]
ProfileIdKeyMismatch,
#[error("act_key[{0}] has invalid expiring timestamp")]
ActKeyTimestamp(usize),
#[error("act_key[{0}] not signed by id_key")]
ActKeySigner(usize),
#[error("invalid act_key[{0}] signature: {1}")]
@ -66,6 +68,9 @@ impl UserIdentityDesc {
{
return Err(VerifyErrorImpl::ActKeySigner(i).into());
}
if i64::try_from(kdesc.expire_time).is_err() {
return Err(VerifyErrorImpl::ActKeyTimestamp(i).into());
}
signed_kdesc
.verify()
.map_err(|err| VerifyErrorImpl::ActKeySignature(i, err))?;
@ -335,6 +340,19 @@ mod tests {
VerifyErrorImpl::ActKeySigner(1),
);
// Timestamp overflows i64.
id_desc.act_keys[1] = UserActKeyDesc {
act_key: act_pub.clone(),
expire_time: u64::MAX,
comment: String::new(),
}
.sign_msg_with(&id_key, &id_priv, TIMESTAMP, rng)
.unwrap();
assert_err!(
id_desc.verify(None, TIMESTAMP),
VerifyErrorImpl::ActKeyTimestamp(1),
);
// OK act key.
id_desc.act_keys[1] = UserActKeyDesc {
act_key: act_pub.clone(),