Signal/Signal-Server
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Server synced 2026-04-21 05:48:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Validate message timestamps

Browse Source
This commit is contained in:
Jon Chambers
2024-12-19 14:30:50 -05:00
committed by Jon Chambers
parent 16a50935ea
commit 8af939d320
3 changed files with 24 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java
View File

@@ -209,6 +209,11 @@ public class MessageController {
@VisibleForTesting
static final long MAX_MESSAGE_SIZE = DataSize.kibibytes(256).toBytes();
// The Signal desktop client (really, JavaScript in general) can handle message timestamps at most 100,000,000 days
// past the epoch; please see https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date#the_epoch_timestamps_and_invalid_date
// for additional details.
public static final long MAX_TIMESTAMP = 86_400_000L * 100_000_000L;
private static final Duration NOTIFY_FOR_REMAINING_MESSAGES_DELAY = Duration.ofMinutes(1);
public MessageController(
@@ -554,6 +559,10 @@ public class MessageController {
@Context ContainerRequestContext context) throws RateLimitExceededException {
if (timestamp < 0 || timestamp > MAX_TIMESTAMP) {
throw new BadRequestException("Illegal timestamp");
}
final SpamChecker.SpamCheckResult spamCheck = spamChecker.checkForSpam(context, Optional.empty(), Optional.empty(), Optional.empty());
if (spamCheck instanceof final SpamChecker.Spam spam) {
return spam.response();