diff --git a/CHANGELOG.md b/CHANGELOG.md
index 928ea944..7af2ceb2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,18 @@
# Changelog
+## [0.10.2] -- 2022-09-22
+
+### Security release
+
+- Fixes potential secret poisoning by the homeserver
+- A crash when validation malicious html
+
+Thanks to the matrix.org security team for disclosing this issue.
+
+An update is highly recommended. Otherwise you can temporarily protect against
+this issue by not verifying your own devices and not pressing the request button
+in the setting.
+
## [0.10.1] -- 2022-09-07
### Highlights
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8240046e..ba90835c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -107,7 +107,7 @@ include(GNUInstallDirs)
set(CPACK_PACKAGE_VERSION_MAJOR "0")
set(CPACK_PACKAGE_VERSION_MINOR "10")
-set(CPACK_PACKAGE_VERSION_PATCH "1")
+set(CPACK_PACKAGE_VERSION_PATCH "2")
set(PROJECT_VERSION_MAJOR ${CPACK_PACKAGE_VERSION_MAJOR})
set(PROJECT_VERSION_MINOR ${CPACK_PACKAGE_VERSION_MINOR})
set(PROJECT_VERSION_PATCH ${CPACK_PACKAGE_VERSION_PATCH})
diff --git a/appveyor.yml b/appveyor.yml
index 6a08f555..dcbe601c 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -1,6 +1,6 @@
---
-version: 0.10.1-{build}
+version: 0.10.2-{build}
configuration: Release
image: Visual Studio 2022
@@ -29,8 +29,8 @@ build_script:
# VERSION format: branch-master/branch-1.2
# INSTVERSION format: x.y.z
# WINVERSION format: 9999.0.0.123/1.2.0.234
- - if "%APPVEYOR_REPO_TAG%"=="false" set INSTVERSION=0.10.1
- - if "%APPVEYOR_REPO_TAG%"=="false" set VERSION=0.10.1
+ - if "%APPVEYOR_REPO_TAG%"=="false" set INSTVERSION=0.10.2
+ - if "%APPVEYOR_REPO_TAG%"=="false" set VERSION=0.10.2
- if "%APPVEYOR_REPO_TAG%"=="false" if "%APPVEYOR_REPO_BRANCH%"=="master" set INSTVERSION=9999.0
- if "%APPVEYOR_REPO_TAG%"=="false" set WINVERSION=%INSTVERSION%.0.%APPVEYOR_BUILD_NUMBER%
# VERSION format: v1.2.3/v1.3.4
@@ -92,8 +92,8 @@ after_build:
- copy %BUILD%\deploy\installer\gui\package.xml installer\packages\io.github.nhekoreborn.nheko\meta
- copy %BUILD%\deploy\installer\gui\installscript.qs installer\packages\io.github.nhekoreborn.nheko\meta
# Amend version and date
- - sed -i "s/__VERSION__/0.10.1/" installer\config\config.xml
- - sed -i "s/__VERSION__/0.10.1/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml
+ - sed -i "s/__VERSION__/0.10.2/" installer\config\config.xml
+ - sed -i "s/__VERSION__/0.10.2/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml
- sed -i "s/__DATE__/%DATE%/" installer\packages\io.github.nhekoreborn.nheko\meta\package.xml
# Copy nheko data
- xcopy NhekoData\*.* installer\packages\io.github.nhekoreborn.nheko\data\*.* /s /e /c /y
diff --git a/resources/nheko.appdata.xml.in b/resources/nheko.appdata.xml.in
index 5d6a87fb..58372b72 100644
--- a/resources/nheko.appdata.xml.in
+++ b/resources/nheko.appdata.xml.in
@@ -61,6 +61,7 @@
https://github.com/Nheko-Reborn/nheko
https://github.com/Nheko-Reborn
+
diff --git a/src/encryption/Olm.cpp b/src/encryption/Olm.cpp
index b53d1ce4..6ab55b32 100644
--- a/src/encryption/Olm.cpp
+++ b/src/encryption/Olm.cpp
@@ -342,10 +342,13 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
if (msg.sender != local_user.to_string())
return;
- auto secret_name = request_id_to_secret_name.find(e->content.request_id);
+ auto secret_name_it = request_id_to_secret_name.find(e->content.request_id);
- if (secret_name != request_id_to_secret_name.end()) {
- nhlog::crypto()->info("Received secret: {}", secret_name->second);
+ if (secret_name_it != request_id_to_secret_name.end()) {
+ auto secret_name = secret_name_it->second;
+ request_id_to_secret_name.erase(secret_name_it);
+
+ nhlog::crypto()->info("Received secret: {}", secret_name);
mtx::events::msg::SecretRequest secretRequest{};
secretRequest.action = mtx::events::msg::RequestAction::Cancellation;
@@ -358,15 +361,24 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
return;
auto deviceKeys = cache::userKeys(local_user.to_string());
+ if (!deviceKeys)
+ return;
+
std::string sender_device_id;
- if (deviceKeys) {
- for (auto &[dev, key] : deviceKeys->device_keys) {
- if (key.keys["curve25519:" + dev] == msg.sender_key) {
- sender_device_id = dev;
- break;
- }
+ for (auto &[dev, key] : deviceKeys->device_keys) {
+ if (key.keys["curve25519:" + dev] == msg.sender_key) {
+ sender_device_id = dev;
+ break;
}
}
+ if (!verificationStatus->verified_devices.count(sender_device_id) ||
+ !verificationStatus->verified_device_keys.count(msg.sender_key) ||
+ verificationStatus->verified_device_keys.at(msg.sender_key) !=
+ crypto::Trust::Verified) {
+ nhlog::net()->critical(
+ "Received secret from unverified device {}! Ignoring!", sender_device_id);
+ return;
+ }
std::map>
@@ -380,19 +392,17 @@ handle_olm_message(const OlmMessage &msg, const UserKeyCache &otherUserDeviceKey
http::client()->send_to_device(
http::client()->generate_txn_id(),
body,
- [name = secret_name->second](mtx::http::RequestErr err) {
+ [secret_name](mtx::http::RequestErr err) {
if (err) {
nhlog::net()->error("Failed to send request cancellation "
"for secrect "
"'{}'",
- name);
+ secret_name);
}
});
- nhlog::crypto()->info("Storing secret {}", secret_name->second);
- cache::client()->storeSecret(secret_name->second, e->content.secret);
-
- request_id_to_secret_name.erase(secret_name);
+ nhlog::crypto()->info("Storing secret {}", secret_name);
+ cache::client()->storeSecret(secret_name, e->content.secret);
}
} else if (auto sec_req = std::get_if>(&device_event)) {