Signal/Desktop
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Desktop.git synced 2026-02-14 23:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add extra checks for OptionalResourceService

Browse Source 
Co-authored-by: Fedor Indutny <79877362+indutny-signal@users.noreply.github.com>
This commit is contained in:
automated-signal
2026-02-11 18:58:58 -06:00
committed by GitHub
parent 2123354a49
commit 65bc0b2987
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/OptionalResourceService.main.ts
View File

@@ -77,7 +77,7 @@ export class OptionalResourceService {
timingSafeEqual(digest, Buffer.from(decl.digest, 'base64')) &&
onDisk.length === decl.size
) {
log.warn(`loaded ${name} from disk`);
log.info(`loaded ${name} from disk`);
this.#cache.set(name, onDisk);
return onDisk;
}
@@ -175,6 +175,16 @@ export class OptionalResourceService {
): Promise<Buffer> {
const result = await got(decl.url, await getGotOptions()).buffer();
const digest = createHash('sha512').update(result).digest();
// Same digest and size
if (
!timingSafeEqual(digest, Buffer.from(decl.digest, 'base64')) ||
result.length !== decl.size
) {
throw new Error(`Invalid remote resource for ${name}`);
}
this.#cache.set(name, result);
try {