Impact
DoS between users
If a user has an invalid assetID for his/her profile picture and it contains the " character it will cause the iOS client to crash.
Patches
When we schedule the request to fetch the invalid asset it's not possible to create the URL object since the path contains an illegal URL character. This will in turn trigger an assertion which crashes the app. We can avoid this by not scheduling a request for fetching an asset with an ID containing invalid characters.
Fix: 35af3f6
Credits
Reported by Kane Gamble.
Impact
DoS between users
If a user has an invalid assetID for his/her profile picture and it contains the " character it will cause the iOS client to crash.
Patches
When we schedule the request to fetch the invalid asset it's not possible to create the URL object since the path contains an illegal URL character. This will in turn trigger an assertion which crashes the app. We can avoid this by not scheduling a request for fetching an asset with an ID containing invalid characters.
Fix: 35af3f6
Credits
Reported by Kane Gamble.