Signal/Desktop
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Desktop.git synced 2026-02-15 07:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add extra checks for OptionalResourceService

Browse Source
This commit is contained in:
Fedor Indutny
2026-02-11 16:13:17 -08:00
committed by GitHub
parent cca7be8f16
commit 12e9013572
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/OptionalResourceService.main.ts
View File

@@ -77,7 +77,7 @@ export class OptionalResourceService {
timingSafeEqual(digest, Buffer.from(decl.digest, 'base64')) &&
onDisk.length === decl.size
) {
log.warn(`loaded ${name} from disk`);
log.info(`loaded ${name} from disk`);
this.#cache.set(name, onDisk);
return onDisk;
}
@@ -175,6 +175,16 @@ export class OptionalResourceService {
): Promise<Buffer> {
const result = await got(decl.url, await getGotOptions()).buffer();
const digest = createHash('sha512').update(result).digest();
// Same digest and size
if (
!timingSafeEqual(digest, Buffer.from(decl.digest, 'base64')) ||
result.length !== decl.size
) {
throw new Error(`Invalid remote resource for ${name}`);
}
this.#cache.set(name, result);
try {