From eff3f72d9c302254c5aee2dceb86da6d685d0523 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrien=20B=C3=A9raud?= <adrien.beraud@savoirfairelinux.com>
Date: Tue, 13 Feb 2018 18:37:37 +0100
Subject: [PATCH] ringaccount: prevent adding invalid contact

Use of an invalid ringId could lead to adding
an invalid contact to the account.
Prevent this with a check in addContact and updateContact

Change-Id: I2e396425cf0283e63c2262d8aca6724edf1d9f17
Reviewed-by: Andreas Traczyk <andreas.traczyk@savoirfairelinux.com>
---
 src/ringdht/ringaccount.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/ringdht/ringaccount.cpp b/src/ringdht/ringaccount.cpp
index bcc4ed8993..3fd7ac0468 100644
--- a/src/ringdht/ringaccount.cpp
+++ b/src/ringdht/ringaccount.cpp
@@ -2839,6 +2839,10 @@ RingAccount::addContact(const std::string& uri, bool confirmed)
 {
     RING_WARN("[Account %s] addContact: %s", getAccountID().c_str(), uri.c_str());
     dht::InfoHash h (uri);
+    if (not h) {
+        RING_ERR("[Account %s] addContact: invalid contact URI", getAccountID().c_str());
+        return;
+    }
     auto c = contacts_.find(h);
     if (c == contacts_.end())
         c = contacts_.emplace(h, Contact{}).first;
@@ -2910,6 +2914,10 @@ RingAccount::getContacts() const
 void
 RingAccount::updateContact(const dht::InfoHash& id, const Contact& contact)
 {
+    if (not id) {
+        RING_ERR("[Account %s] updateContact: invalid contact ID", getAccountID().c_str());
+        return;
+    }
     bool stateChanged {false};
     auto c = contacts_.find(id);
     if (c == contacts_.end()) {
-- 
GitLab