From 228a993237036bdb9ad5203530947fc11d950b78 Mon Sep 17 00:00:00 2001 From: Alex Hart Date: Wed, 24 Sep 2025 14:06:36 -0300 Subject: [PATCH] Ignore PNI messages for everything except server delivery receipts. --- .../securesms/messages/MessageDecryptor.kt | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/app/src/main/java/org/thoughtcrime/securesms/messages/MessageDecryptor.kt b/app/src/main/java/org/thoughtcrime/securesms/messages/MessageDecryptor.kt index 875bdd99f9..01192688a1 100644 --- a/app/src/main/java/org/thoughtcrime/securesms/messages/MessageDecryptor.kt +++ b/app/src/main/java/org/thoughtcrime/securesms/messages/MessageDecryptor.kt @@ -130,6 +130,12 @@ object MessageDecryptor { return Result.Ignore(envelope, serverDeliveredTimestamp, emptyList()) } + val sourceServiceId = ServiceId.parseOrNull(envelope.sourceServiceId) + if (sourceServiceId is PNI && envelope.type != Envelope.Type.SERVER_DELIVERY_RECEIPT) { + Log.w(TAG, "${logPrefix(envelope)} Got a message from a PNI that was not a SERVER_DELIVERY_RECEIPT.") + return Result.Ignore(envelope, serverDeliveredTimestamp, emptyList()) + } + val followUpOperations: MutableList = mutableListOf() if (envelope.type == Envelope.Type.PREKEY_BUNDLE) { @@ -153,6 +159,11 @@ object MessageDecryptor { return Result.Ignore(envelope, serverDeliveredTimestamp, followUpOperations.toUnmodifiableList()) } + if (cipherResult.metadata.sourceServiceId is PNI && envelope.sourceServiceId == null) { + Log.w(TAG, "${logPrefix(envelope)} Invalid message! Sealed sender used for a PNI.") + return Result.Ignore(envelope, serverDeliveredTimestamp, followUpOperations.toUnmodifiableList()) + } + Log.d(TAG, "${logPrefix(envelope, cipherResult)} Successfully decrypted the envelope in ${(endTimeNanos - startTimeNanos).nanoseconds.toDouble(DurationUnit.MILLISECONDS).roundedString(2)} ms (GUID ${envelope.serverGuid}). Delivery latency: ${serverDeliveredTimestamp - envelope.serverTimestamp!!} ms, Urgent: ${envelope.urgent}") val validationResult: EnvelopeContentValidator.Result = EnvelopeContentValidator.validate(envelope, cipherResult.content, SignalStore.account.aci!!)