From 06448ea80ed8c304a8eb619cbdea2cec790d393f Mon Sep 17 00:00:00 2001 From: Fedor Indutny <79877362+indutny-signal@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:39:37 -0700 Subject: [PATCH] Fix uncaught error in AttachmentCrypto --- ACKNOWLEDGMENTS.md | 2 +- package.json | 2 +- pnpm-lock.yaml | 10 +++++----- ts/AttachmentCrypto.node.ts | 24 +++++++++++++----------- 4 files changed, 20 insertions(+), 18 deletions(-) diff --git a/ACKNOWLEDGMENTS.md b/ACKNOWLEDGMENTS.md index 4bdcc76522..988dbbab6a 100644 --- a/ACKNOWLEDGMENTS.md +++ b/ACKNOWLEDGMENTS.md @@ -9836,7 +9836,7 @@ DEALINGS IN THE SOFTWARE. ``` -## gimli 0.31.1, heck 0.5.0, unicode-xid 0.2.6 +## gimli 0.31.1, heck 0.5.0, unicode-segmentation 1.12.0, unicode-xid 0.2.6 ``` Copyright (c) 2015 The Rust Project Developers diff --git a/package.json b/package.json index a8b45f6105..f941434740 100644 --- a/package.json +++ b/package.json @@ -132,7 +132,7 @@ "@react-aria/utils": "3.25.3", "@react-spring/web": "9.7.5", "@react-types/shared": "3.27.0", - "@signalapp/libsignal-client": "0.83.0", + "@signalapp/libsignal-client": "0.85.1", "@signalapp/minimask": "1.0.1", "@signalapp/mute-state-change": "workspace:1.0.0", "@signalapp/quill-cjs": "2.1.2", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6e49590b0f..3e94199795 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -129,8 +129,8 @@ importers: specifier: 3.27.0 version: 3.27.0(react@18.3.1) '@signalapp/libsignal-client': - specifier: 0.83.0 - version: 0.83.0 + specifier: 0.85.1 + version: 0.85.1 '@signalapp/minimask': specifier: 1.0.1 version: 1.0.1 @@ -3492,8 +3492,8 @@ packages: '@signalapp/libsignal-client@0.76.7': resolution: {integrity: sha512-iGWTlFkko7IKlm96Iy91Wz5sIN089nj02ifOk6BWtLzeVi0kFaNj+jK26Sl1JRXy/VfXevcYtiOivOg43BPqpg==} - '@signalapp/libsignal-client@0.83.0': - resolution: {integrity: sha512-QaXviPAvj4PA2QDmN6YyPnlkp699BE3fIgaJmKrfvZMsvBfMGeJ3H3BHFt0CV2vUWMbc3oEgxbwdXu//f6oTrA==} + '@signalapp/libsignal-client@0.85.1': + resolution: {integrity: sha512-AXOug/lcEQOgKt46VOfL9yE+3V8kRKggscORytIImT/F4qehsGNgHwJjpi+bwFbw2dEhBCqEoDu8m1n96WZ7Gg==} '@signalapp/minimask@1.0.1': resolution: {integrity: sha512-QAwo0joA60urTNbW9RIz6vLKQjy+jdVtH7cvY0wD9PVooD46MAjE40MLssp4xUJrph91n2XvtJ3pbEUDrmT2AA==} @@ -14290,7 +14290,7 @@ snapshots: type-fest: 4.26.1 uuid: 11.0.2 - '@signalapp/libsignal-client@0.83.0': + '@signalapp/libsignal-client@0.85.1': dependencies: node-gyp-build: 4.8.4 type-fest: 4.26.1 diff --git a/ts/AttachmentCrypto.node.ts b/ts/AttachmentCrypto.node.ts index 553deb1d92..aae42585e3 100644 --- a/ts/AttachmentCrypto.node.ts +++ b/ts/AttachmentCrypto.node.ts @@ -387,17 +387,6 @@ export async function decryptAttachmentV2ToSink( const hmac = createHmac(HashType.size256, macKey); const plaintextHash = createHash(HashType.size256); - const incrementalDigestValidator = - options.type === 'standard' && - options.theirIncrementalMac && - options.theirChunkSize - ? new ValidatingPassThrough( - Buffer.from(macKey), - everyNthByte(options.theirChunkSize), - Buffer.from(options.theirIncrementalMac) - ) - : undefined; - let theirMac: Uint8Array | undefined; // When downloading from backup there is an outer encryption layer; in that case we @@ -436,6 +425,19 @@ export async function decryptAttachmentV2ToSink( throw missingCaseError(options); } + // Initializing `ValidatingPassThrough` might throw on invalid parameters so + // it is important to do it within `try {} catch {}` + const incrementalDigestValidator = + options.type === 'standard' && + options.theirIncrementalMac && + options.theirChunkSize + ? new ValidatingPassThrough( + Buffer.from(macKey), + everyNthByte(options.theirChunkSize), + Buffer.from(options.theirIncrementalMac) + ) + : undefined; + await pipeline( [ ciphertextStream,