author | gluk256 <gluk256@users.noreply.github.com> | 2018-03-01 16:34:46 +0800 |
---|---|---|
committer | Guillaume Ballet <gballet@gmail.com> | 2018-03-01 16:34:46 +0800 |
commit | 5a150e1b7724c91009a237ab0879cd64844b390d (patch) | |
tree | 04d9f170d361f6094f870e0f5d2b3f625abbe1d1 /cmd/wnode | |
parent | 9b4e182ce5c0a82799cc3c455444c18c664fa996 (diff) | |
whisper: serious security issue fixed (#16219)
The diagnostic tool was saving the unencrypted version of the messages, which is an obvious
security flaw. As of this commit:
* encrypted messages are saved instead of plain text.
* all messages are stored, even those created by the user of wnode.
Diffstat (limited to 'cmd/wnode')
-rw-r--r-- | cmd/wnode/main.go | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/cmd/wnode/main.go b/cmd/wnode/main.go
index 0f86adb81..f8606bf82 100644
--- a/cmd/wnode/main.go
+++ b/cmd/wnode/main.go
@@ -594,19 +594,22 @@ func writeMessageToFile(dir string, msg *whisper.ReceivedMessage) {
 address = crypto.PubkeyToAddress(*msg.Src)
 }
- if whisper.IsPubKeyEqual(msg.Src, &asymKey.PublicKey) {
- // message from myself: don't save, only report
- fmt.Printf("\n%s <%x>: message received: '%s'\n", timestamp, address, name)
- } else if len(dir) > 0 {
+ // this is a sample code; uncomment if you don't want to save your own messages.
+ //if whisper.IsPubKeyEqual(msg.Src, &asymKey.PublicKey) {
+ // fmt.Printf("\n%s <%x>: message from myself received, not saved: '%s'\n", timestamp, address, name)
+ // return
+ //}
+
+ if len(dir) > 0 {
 fullpath := filepath.Join(dir, name)
- err := ioutil.WriteFile(fullpath, msg.Payload, 0644)
+ err := ioutil.WriteFile(fullpath, msg.Raw, 0644)
 if err != nil {
 fmt.Printf("\n%s {%x}: message received but not saved: %s\n", timestamp, address, err)
 } else {
- fmt.Printf("\n%s {%x}: message received and saved as '%s' (%d bytes)\n", timestamp, address, name, len(msg.Payload))
+ fmt.Printf("\n%s {%x}: message received and saved as '%s' (%d bytes)\n", timestamp, address, name, len(msg.Raw))
 }
 } else {
- fmt.Printf("\n%s {%x}: big message received (%d bytes), but not saved: %s\n", timestamp, address, len(msg.Payload), name)
+ fmt.Printf("\n%s {%x}: message received (%d bytes), but not saved: %s\n", timestamp, address, len(msg.Raw), name)
 }
 }
|
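Review bot: The rewritten `ioutil.WriteFile(fullpath, msg.Raw, 0644)` call still creates every saved message world-readable, which undercuts a commit whose purpose is to stop readable message content from landing on disk. Although the bytes are now the encrypted envelope, any other local account can read and copy them, and they become readable in full if a key is later exposed, so owner-only mode is the safer default: `err := ioutil.WriteFile(fullpath, msg.Raw, 0600)`. Plaintext files written by earlier builds are not touched by this change, so a short comment or release note telling operators to purge the old contents of `dir` would help. writeMessageToFile begins above the hunk, so how `name` and `dir` are derived cannot be checked from here.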