From b7be61ef9eeacc3fbece44bf3575afbcf5f1ffe6 Mon Sep 17 00:00:00 2001 From: Kateryna Kostiuk <kateryna.kostiuk@savoirfairelinux.com> Date: Tue, 8 Apr 2025 15:31:40 -0400 Subject: [PATCH] conversation: verify conversationId before cloning This patch validates the conversationId before proceeding with cloning. Otherwise, an empty conversationId could lead to accidental removal of the entire conversations directory. https://git.jami.net/savoirfairelinux/jami-client-qt/-/issues/1982 Change-Id: I428247498bb7533b12dadb8a479779e228e6dfb6 --- src/jamidht/conversationrepository.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/jamidht/conversationrepository.cpp b/src/jamidht/conversationrepository.cpp index bfdc08535e..727576cdd5 100644 --- a/src/jamidht/conversationrepository.cpp +++ b/src/jamidht/conversationrepository.cpp @@ -2635,6 +2635,12 @@ ConversationRepository::cloneConversation( const std::string& conversationId, std::function<void(std::vector<ConversationCommit>)>&& checkCommitCb) { + // Verify conversationId is not empty to avoid deleting the entire conversations directory + if (conversationId.empty()) { + JAMI_ERROR("[Account {}] Clone conversation with empty conversationId", account->getAccountID()); + return nullptr; + } + auto conversationsPath = fileutils::get_data_dir() / account->getAccountID() / "conversations"; dhtnet::fileutils::check_dir(conversationsPath); auto path = conversationsPath / conversationId; -- GitLab