aboutsummaryrefslogtreecommitdiffstats
path: root/cmd
diff options
context:
space:
mode:
authorgluk256 <gluk256@users.noreply.github.com>2018-03-01 16:34:46 +0800
committerGuillaume Ballet <gballet@gmail.com>2018-03-01 16:34:46 +0800
commit5a150e1b7724c91009a237ab0879cd64844b390d (patch)
tree04d9f170d361f6094f870e0f5d2b3f625abbe1d1 /cmd
parent9b4e182ce5c0a82799cc3c455444c18c664fa996 (diff)
downloaddexon-5a150e1b7724c91009a237ab0879cd64844b390d.tar.gz
dexon-5a150e1b7724c91009a237ab0879cd64844b390d.tar.zst
dexon-5a150e1b7724c91009a237ab0879cd64844b390d.zip
whisper: serious security issue fixed (#16219)
The diagnostic tool was saving the unencrypted version of the messages, which is an obvious security flaw. As of this commit: * encrypted messages saved instead of plain text. * all messages are stored, even that created by the user of wnode.
Diffstat (limited to 'cmd')
-rw-r--r--cmd/wnode/main.go17
1 files changed, 10 insertions, 7 deletions
diff --git a/cmd/wnode/main.go b/cmd/wnode/main.go
index 0f86adb81..f8606bf82 100644
--- a/cmd/wnode/main.go
+++ b/cmd/wnode/main.go
@@ -594,19 +594,22 @@ func writeMessageToFile(dir string, msg *whisper.ReceivedMessage) {
address = crypto.PubkeyToAddress(*msg.Src)
}
- if whisper.IsPubKeyEqual(msg.Src, &asymKey.PublicKey) {
- // message from myself: don't save, only report
- fmt.Printf("\n%s <%x>: message received: '%s'\n", timestamp, address, name)
- } else if len(dir) > 0 {
+ // this is a sample code; uncomment if you don't want to save your own messages.
+ //if whisper.IsPubKeyEqual(msg.Src, &asymKey.PublicKey) {
+ // fmt.Printf("\n%s <%x>: message from myself received, not saved: '%s'\n", timestamp, address, name)
+ // return
+ //}
+
+ if len(dir) > 0 {
fullpath := filepath.Join(dir, name)
- err := ioutil.WriteFile(fullpath, msg.Payload, 0644)
+ err := ioutil.WriteFile(fullpath, msg.Raw, 0644)
if err != nil {
fmt.Printf("\n%s {%x}: message received but not saved: %s\n", timestamp, address, err)
} else {
- fmt.Printf("\n%s {%x}: message received and saved as '%s' (%d bytes)\n", timestamp, address, name, len(msg.Payload))
+ fmt.Printf("\n%s {%x}: message received and saved as '%s' (%d bytes)\n", timestamp, address, name, len(msg.Raw))
}
} else {
- fmt.Printf("\n%s {%x}: big message received (%d bytes), but not saved: %s\n", timestamp, address, len(msg.Payload), name)
+ fmt.Printf("\n%s {%x}: message received (%d bytes), but not saved: %s\n", timestamp, address, len(msg.Raw), name)
}
}