fix: Decrypt of last event might make an old message as last event

We should only decrypt the last message in room if it is the current last message. By just fetching the state we might bring up an old encrypted message which is not really the last event.
2022-08-21 14:10:29 +02:00 · 2022-08-21 14:10:29 +02:00 · 994faf1012
parent d090c0e718
commit 994faf1012
1 changed files with 13 additions and 4 deletions
--- a/lib/encryption/key_manager.dart
+++ b/lib/encryption/key_manager.dart
@ -183,9 +183,14 @@ class KeyManager {
    final room = client.getRoomById(roomId);
    if (room != null) {
      // attempt to decrypt the last event
-      final event = room.getState(EventTypes.Encrypted);
-      if (event != null && event.content['session_id'] == sessionId) {
-        room.setState(encryption.decryptRoomEventSync(roomId, event));
+      final event = room.lastEvent;
+      if (event != null &&
+          event.type == EventTypes.Encrypted &&
+          event.content['session_id'] == sessionId) {
+        final decrypted = encryption.decryptRoomEventSync(roomId, event);
+        if (decrypted.type != EventTypes.Encrypted) {
+          room.setState(decrypted);
+        }
      }
      // and finally broadcast the new session
      room.onSessionKeyReceived.add(sessionId);
@ -887,7 +892,11 @@ class KeyManager {
      // we *received* an incoming key request
      final encryptedContent = event.encryptedContent;
      if (encryptedContent == null) {
-        return; // event wasn't encrypted, this is a security risk
+        Logs().w(
+          'Ignoring an unencrypted forwarded key from a to device message',
+          event.toJson(),
+        );
+        return;
      }
      final request = outgoingShareRequests.values.firstWhereOrNull((r) =>
          r.room.id == event.content['room_id'] &&