Crash on sync (Malformed userId) #456

Closed
Midek opened this issue Feb 26, 2021 · 3 comments

Labels: crash (A crash occurs in the library code), security (Security- or privacy-related issue)

Midek commented Feb 26, 2021

Description

After logging in to my account, quaternion tries to sync and segfaults, pointing at a malformed user Id:

quotient.main: Malformed userId: "@a_null_punisher:nerdsin.space,"
quotient.main: Could not get a user object for "@a_null_punisher:nerdsin.space,"
quotient.main: Malformed userId: "@a_null_punisher:nerdsin.space,"
zsh: segmentation fault (core dumped)  quaternion

This is likely related to a ban event that had a typo:

              "content": {
                "membership": "ban",
                "reason": "Account of banned user"
              },
              "origin_server_ts": 1612936420977,
              "sender": "@abuse:glowers.club",
              "state_key": "@a_null_punisher:nerdsin.space,",
              "type": "m.room.member",
              "unsigned": {
                "age": 1391916011
              },
              "event_id": "$go250HDglZ6rzR2aKluhe1ExU9IG_fQe1EK6L1dNYnA"
            },

Steps to reproduce

  • Have someone send a broken ban event
  • quaternion crashes, and trying to restart crashes every time

Expected behavior:
Quaternion ignores malformed id and keeps working

Version information

  • Quaternion version: 0.0.9.5-3
  • Qt version: 5.15.2-5
  • Install method: Archlinux AUR
  • Platform: Arch GNU/Linux
KitsuneRal transferred this issue from quotient-im/Quaternion Feb 26, 2021

KitsuneRal (Member) commented:

Thanks - the current code is indeed too sensitive to user ids.

KitsuneRal added the crash (A crash occurs in the library code) label Feb 26, 2021
KitsuneRal added this to In work in libQuotient 1 Feb 26, 2021
KitsuneRal self-assigned this Mar 4, 2021
KitsuneRal added a commit that referenced this issue Mar 4, 2021
A few months ago 3c85f04 introduced validation of user ids but the rest
of the library code wasn't updated to the fact that Connection::user()
may quite legitimately (if not routinely) return nullptr, leading to
crashes particularly when malformed ids come from the wire. This commit
adds necessary checks before using the value returned from user().

Closes #456.
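
The pattern the commit message describes, as an added example that is not libQuotient's code: a lookup that returns nullptr for a malformed id, and a caller that checks the result before using it. `isValidUserId`, the `Connection`/`User` stand-ins, `applyMemberEvents` and `kSampleBatch` are hypothetical names, and the validation rule is a simplification rather than the library's actual check.

```cpp
#include <cctype>
#include <map>
#include <memory>
#include <string>
#include <string_view>
#include <vector>

struct User { std::string id, membership; };
struct MemberEvent { std::string stateKey, membership; };

// Simplified check (assumption, not libQuotient's actual rule): "@localpart:server",
// both parts non-empty, server part limited to hostname/port characters.
bool isValidUserId(std::string_view id) {
    if (id.size() < 4 || id.front() != '@') return false;
    const auto colon = id.find(':');
    if (colon == std::string_view::npos || colon == 1 || colon + 1 == id.size())
        return false;
    for (unsigned char c : id.substr(colon + 1))
        if (!std::isalnum(c) && c != '.' && c != '-' && c != ':') return false;
    return true;
}

struct Connection { // hypothetical stand-in for the library's class
    std::map<std::string, std::unique_ptr<User>> users;
    // Contract described in the commit message: nullptr for a malformed id.
    User* user(const std::string& id) {
        if (!isValidUserId(id)) return nullptr;
        auto& slot = users[id];
        if (!slot) slot = std::make_unique<User>(User{id, {}});
        return slot.get();
    }
};

// Applies membership events from one sync batch; returns how many were skipped.
// The unchecked form `conn.user(ev.stateKey)->membership = ...` dereferences
// nullptr on a malformed state_key, which is the crash reported here.
int applyMemberEvents(Connection& conn, const std::vector<MemberEvent>& batch) {
    int skipped = 0;
    for (const auto& ev : batch) {
        User* u = conn.user(ev.stateKey);
        if (!u) { ++skipped; continue; } // wire data is untrusted: drop, keep syncing
        u->membership = ev.membership;
    }
    return skipped;
}

// Constructed batch; the second state_key is the malformed id from the report.
const std::vector<MemberEvent> kSampleBatch = {
    {"@alice:example.org", "join"}, {"@a_null_punisher:nerdsin.space,", "ban"}};
```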
KitsuneRal moved this from In work to Version 0.6 - Released in libQuotient 1 Mar 19, 2021
KitsuneRal added the security (Security- or privacy-related issue) label Mar 28, 2021

KitsuneRal (Member) commented:

For the record: problematic libQuotient versions are 0.6.2 through 0.6.5. Within the 0.6.x branch, an upgrade to 0.6.6 is strongly recommended.

KitsuneRal (Member) commented:

Closed by the commit listed above.

libQuotient 1 automation moved this from Version 0.6 - Released to Version 0.7 - Done Aug 24, 2021
KitsuneRal moved this from Version 0.7 - Done to Version 0.6 - Released in libQuotient 1 Aug 24, 2021