StarMirror/qTox
1
0
Fork 0
mirror of https://github.com/qTox/qTox.git synced 2024-03-22 14:00:36 +08:00
Code Issues Projects Releases Wiki Activity

Fix use after free of groupchat invites

Browse Source 
Fixes #728, fixes #706, fixes #394
This commit is contained in:
Tux3 / Mlkj / !Lev.uXFMLA 2014-11-13 00:13:11 +01:00
parent 941c9af348
commit 4bb91143d7
No known key found for this signature in database
GPG Key ID: 7E086DD661263264
4 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/core.cpp
View File

@ -481,15 +481,16 @@ void Core::onGroupAction(Tox*, int groupnumber, int peernumber, const uint8_t *a
void Core::onGroupInvite(Tox*, int friendnumber, uint8_t type, const uint8_t *data, uint16_t length,void *core)
{
QByteArray pk((char*)data, length);
if (type == TOX_GROUPCHAT_TYPE_TEXT)
{
qDebug() << QString("Core: Text group invite by %1").arg(friendnumber);
emit static_cast<Core*>(core)->groupInviteReceived(friendnumber,type,data,length);
emit static_cast<Core*>(core)->groupInviteReceived(friendnumber,type,pk);
}
else if (type == TOX_GROUPCHAT_TYPE_AV)
{
qDebug() << QString("Core: AV group invite by %1").arg(friendnumber);
emit static_cast<Core*>(core)->groupInviteReceived(friendnumber,type,data,length);
emit static_cast<Core*>(core)->groupInviteReceived(friendnumber,type,pk);
}
else
{
@ -1491,6 +1492,7 @@ int Core::joinGroupchat(int32_t friendnumber, uint8_t type, const uint8_t* frien
else if (type == TOX_GROUPCHAT_TYPE_AV)
{
qDebug() << QString("Trying to join AV groupchat invite sent by friend %1").arg(friendnumber);
const_cast<uint8_t*>(friend_group_public_key)[2] = TOX_GROUPCHAT_TYPE_AV;
return toxav_join_av_groupchat(tox, friendnumber, friend_group_public_key, length, playGroupAudio, const_cast<Core*>(this));
}
else

2
src/core.h
View File

@ -145,7 +145,7 @@ signals:
void friendLastSeenChanged(int friendId, const QDateTime& dateTime);
void emptyGroupCreated(int groupnumber);
void groupInviteReceived(int friendnumber, uint8_t type, const uint8_t *group_public_key,uint16_t length);
void groupInviteReceived(int friendnumber, uint8_t type, QByteArray publicKey);
void groupMessageReceived(int groupnumber, const QString& message, const QString& author, bool isAction);
void groupNamelistChanged(int groupnumber, int peernumber, uint8_t change);

4
src/widget/widget.cpp
View File

@ -872,11 +872,11 @@ void Widget::copyFriendIdToClipboard(int friendId)
}
}
void Widget::onGroupInviteReceived(int32_t friendId, uint8_t type, const uint8_t* publicKey,uint16_t length)
void Widget::onGroupInviteReceived(int32_t friendId, uint8_t type, QByteArray invite)
{
if (type == TOX_GROUPCHAT_TYPE_TEXT || type == TOX_GROUPCHAT_TYPE_AV)
{
int groupId = core->joinGroupchat(friendId, type, publicKey,length);
int groupId = core->joinGroupchat(friendId, type, (uint8_t*)invite.data(), invite.length());
if (groupId < 0)
{
qWarning() << "Widget::onGroupInviteReceived: Unable to accept group invite";

2
src/widget/widget.h
View File

@ -112,7 +112,7 @@ private slots:
void onFriendRequestReceived(const QString& userId, const QString& message);
void onReceiptRecieved(int friendId, int receipt);
void onEmptyGroupCreated(int groupId);
void onGroupInviteReceived(int32_t friendId, uint8_t type, const uint8_t *publicKey,uint16_t length);
void onGroupInviteReceived(int32_t friendId, uint8_t type, QByteArray invite);
void onGroupMessageReceived(int groupnumber, const QString& message, const QString& author, bool isAction);
void onGroupNamelistChanged(int groupnumber, int peernumber, uint8_t change);
void removeFriend(int friendId);