whisper: serious security issue fixed (#16219)

The diagnostic tool was saving the unencrypted version of the messages, which is an obvious
security flaw. As of this commit:
  * encrypted messages saved instead of plain text.
  * all messages are stored, even that created by the user of wnode.
This commit is contained in:
gluk256 2018-03-01 09:34:46 +01:00 committed by Guillaume Ballet
parent 9b4e182ce5
commit 5a150e1b77
1 changed files with 10 additions and 7 deletions

View File

@ -594,19 +594,22 @@ func writeMessageToFile(dir string, msg *whisper.ReceivedMessage) {
address = crypto.PubkeyToAddress(*msg.Src) address = crypto.PubkeyToAddress(*msg.Src)
} }
if whisper.IsPubKeyEqual(msg.Src, &asymKey.PublicKey) { // this is a sample code; uncomment if you don't want to save your own messages.
// message from myself: don't save, only report //if whisper.IsPubKeyEqual(msg.Src, &asymKey.PublicKey) {
fmt.Printf("\n%s <%x>: message received: '%s'\n", timestamp, address, name) // fmt.Printf("\n%s <%x>: message from myself received, not saved: '%s'\n", timestamp, address, name)
} else if len(dir) > 0 { // return
//}
if len(dir) > 0 {
fullpath := filepath.Join(dir, name) fullpath := filepath.Join(dir, name)
err := ioutil.WriteFile(fullpath, msg.Payload, 0644) err := ioutil.WriteFile(fullpath, msg.Raw, 0644)
if err != nil { if err != nil {
fmt.Printf("\n%s {%x}: message received but not saved: %s\n", timestamp, address, err) fmt.Printf("\n%s {%x}: message received but not saved: %s\n", timestamp, address, err)
} else { } else {
fmt.Printf("\n%s {%x}: message received and saved as '%s' (%d bytes)\n", timestamp, address, name, len(msg.Payload)) fmt.Printf("\n%s {%x}: message received and saved as '%s' (%d bytes)\n", timestamp, address, name, len(msg.Raw))
} }
} else { } else {
fmt.Printf("\n%s {%x}: big message received (%d bytes), but not saved: %s\n", timestamp, address, len(msg.Payload), name) fmt.Printf("\n%s {%x}: message received (%d bytes), but not saved: %s\n", timestamp, address, len(msg.Raw), name)
} }
} }