OfficialDakari
/
matrix-dart-sdk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Don't allow transitive trust unless it is for ouself

This commit is contained in:
Sorunome 2021-02-15 12:19:05 +01:00
parent 41522e868d
commit 681b27e269
No known key found for this signature in database
GPG Key ID: B19471D07FC9BE9C
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/src/utils/device_keys_list.dart
View File

@ -229,6 +229,10 @@ abstract class SignableKey extends MatrixSignableKey {
!client.userDeviceKeys.containsKey(otherUserId)) { !client.userDeviceKeys.containsKey(otherUserId)) {
continue; continue;
} }
// we don't allow transitive trust unless it is for ourself
if (otherUserId != userId && otherUserId != client.userID) {
continue;
}
for (final signatureEntry in signatureEntries.value.entries) { for (final signatureEntry in signatureEntries.value.entries) {
final fullKeyId = signatureEntry.key; final fullKeyId = signatureEntry.key;
final signature = signatureEntry.value; final signature = signatureEntry.value;