From 5abf3073d5ed426a1a30515f8cbdc0bc34ba87ae Mon Sep 17 00:00:00 2001
From: Matt Corallo
Date: Wed, 25 Feb 2015 17:42:47 -0800
Subject: [PATCH] Check END_SESSION messages in processDecrypted
---
 js/background.js | 10 +++++-----
 js/libtextsecure.js | 14 +++++++++++++-
 libtextsecure/helpers.js | 14 +++++++++++++-
 3 files changed, 31 insertions(+), 7 deletions(-)
diff --git a/js/background.js b/js/background.js
index 083bed23..bf6b8488 100644
--- a/js/background.js
+++ b/js/background.js
@@ -138,12 +138,12 @@ // identity key change. var source = message.get('source'); var timestamp = message.get('sent_at'); - var type = 'incoming'; - if (source === textsecure.storage.getUnencrypted("number_id").split('.')[0] && pushMessageContent.sync) { - type = 'outgoing'; - timestamp = pushMessageContent.sync.timestamp; - } return textsecure.processDecrypted(pushMessageContent, source).then(function(pushMessageContent) { + var type = 'incoming'; + if (pushMessageContent.sync) { + type = 'outgoing'; + timestamp = pushMessageContent.sync.timestamp; + } var now = new Date().getTime(); var conversationId = getConversationId(pushMessageContent) || source;
diff --git a/js/libtextsecure.js b/js/libtextsecure.js
index 9fe4b6b4..5ab0f7f2 100644
--- a/js/libtextsecure.js
+++ b/js/libtextsecure.js
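Review bot: Inside the `.then` callback, `if (pushMessageContent.sync)` now marks a message `outgoing` without looking at `source`, so the decision depends entirely on `textsecure.processDecrypted` having thrown for any sync context that did not come from our own number; nothing at this call site records that dependency. I would add a comment above the test, e.g. `// processDecrypted() rejects sync contexts not sent from our own number, so sync here means a peer device`, because a message classified this way is recorded as sent by the local user with a timestamp taken from the message itself. processDecrypted raises that error with a synchronous `throw` rather than a rejected promise, so whether it is caught depends on code outside this hunk; the enclosing function starts and ends outside it.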
@@ -16277,9 +16277,21 @@ textsecure.processDecrypted = function(decrypted, source) { if (decrypted.flags == null) decrypted.flags = 0; + if (decrypted.sync !== null && textsecure.utils.unencodeNumber(textsecure.storage.getUnencrypted("number_id"))[0] != source) + throw new Error("Got sync context on a message not from a peer device"); + if ((decrypted.flags & textsecure.protobuf.PushMessageContent.Flags.END_SESSION) - == textsecure.protobuf.PushMessageContent.Flags.END_SESSION) + == textsecure.protobuf.PushMessageContent.Flags.END_SESSION) { + decrypted.body = null; + decrypted.attachments = []; + decrypted.group = null; + if (decrypted.sync !== null) { + // We didn't actually close the session - see axolotl_wrapper + // so just throw an error since this message makes no sense + throw new Error("Got a sync END_SESSION message"); + } return Promise.resolve(decrypted); + } if (decrypted.flags != 0) { throw new Error("Unknown flags in message"); }
diff --git a/libtextsecure/helpers.js b/libtextsecure/helpers.js
index c1cc1336..2cf91af4 100644
--- a/libtextsecure/helpers.js
+++ b/libtextsecure/helpers.js
@@ -161,9 +161,21 @@ textsecure.processDecrypted = function(decrypted, source) { if (decrypted.flags == null) decrypted.flags = 0; + if (decrypted.sync !== null && textsecure.utils.unencodeNumber(textsecure.storage.getUnencrypted("number_id"))[0] != source) + throw new Error("Got sync context on a message not from a peer device"); + if ((decrypted.flags & textsecure.protobuf.PushMessageContent.Flags.END_SESSION) - == textsecure.protobuf.PushMessageContent.Flags.END_SESSION) + == textsecure.protobuf.PushMessageContent.Flags.END_SESSION) { + decrypted.body = null; + decrypted.attachments = []; + decrypted.group = null; + if (decrypted.sync !== null) { + // We didn't actually close the session - see axolotl_wrapper + // so just throw an error since this message makes no sense + throw new Error("Got a sync END_SESSION message"); + } return Promise.resolve(decrypted); + } if (decrypted.flags != 0) { throw new Error("Unknown flags in message"); }
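Review bot: The new guard `decrypted.sync !== null` is a strict comparison, while the line just above handles a missing field with `decrypted.flags == null` and the caller in js/background.js tests `pushMessageContent.sync` by truthiness. If the decoder ever leaves an absent `sync` as `undefined`, the strict test is true and every message from another number is rejected with "Got sync context on a message not from a peer device"; writing `decrypted.sync != null` in both places in this hunk matches the existing style and fires only on a real sync context. The comparison covers the number part only, via `unencodeNumber(...)[0] != source`, so a short comment stating that `source` must be the authenticated sender number would help — whether it is cannot be confirmed from this hunk. The same lines appear in js/libtextsecure.js, which looks like the built copy of this file, and the function body continues outside the hunk.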