From b7be61ef9eeacc3fbece44bf3575afbcf5f1ffe6 Mon Sep 17 00:00:00 2001
From: Kateryna Kostiuk <kateryna.kostiuk@savoirfairelinux.com>
Date: Tue, 8 Apr 2025 15:31:40 -0400
Subject: [PATCH] conversation: verify conversationId before cloning

This patch validates the conversationId before proceeding with
cloning. Otherwise, an empty conversationId could lead to
accidental removal of the entire conversations directory.

https://git.jami.net/savoirfairelinux/jami-client-qt/-/issues/1982
Change-Id: I428247498bb7533b12dadb8a479779e228e6dfb6
---
 src/jamidht/conversationrepository.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/jamidht/conversationrepository.cpp b/src/jamidht/conversationrepository.cpp
index bfdc08535e..727576cdd5 100644
--- a/src/jamidht/conversationrepository.cpp
+++ b/src/jamidht/conversationrepository.cpp
@@ -2635,6 +2635,12 @@ ConversationRepository::cloneConversation(
     const std::string& conversationId,
     std::function<void(std::vector<ConversationCommit>)>&& checkCommitCb)
 {
+    // Verify conversationId is not empty to avoid deleting the entire conversations directory
+    if (conversationId.empty()) {
+        JAMI_ERROR("[Account {}] Clone conversation with empty conversationId", account->getAccountID());
+        return nullptr;
+    }
+
     auto conversationsPath = fileutils::get_data_dir() / account->getAccountID() / "conversations";
     dhtnet::fileutils::check_dir(conversationsPath);
     auto path = conversationsPath / conversationId;
-- 
GitLab