Prevent injecting a forged encrypted message and using session_id/sender_key of another room.

ariskotsomitopoulos · ariskotsomitopoulos · commit efd082c957af · 2022-04-28T17:15:46.000+03:00
diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/DefaultCryptoService.kt
@@ -1392,6 +1392,9 @@ internal class DefaultCryptoService @Inject constructor(
                                 senderKey = sessionInfoPair.second,
                                 sharedHistory = true
                         )
+                    }?.filter { inboundGroupSession ->
+                        // Prevent injecting a forged encrypted message and using session_id/sender_key of another room.
+                        inboundGroupSession.roomId == roomId
                     }?.forEach { inboundGroupSession ->
                         // Share the sharable session to userId with deviceId
                         val exportedKeys = inboundGroupSession.exportKeys(sharedHistory = true)
