Make sure we don't try to get metadata for blobs

2020-04-07 11:03:35 +02:00 · 2020-04-07 11:03:35 +02:00 · 4672bf794b
parent 9de345044a
commit 4672bf794b
4 changed files with 12 additions and 1 deletions
--- a/www/common/inner/common-modal.js
+++ b/www/common/inner/common-modal.js
@ -59,8 +59,8 @@ define([
            }), opts.href);

            // If this is a file, don't try to look for metadata
-            if (opts.channel && opts.channel.length > 34) { return; }
            if (opts.channel) { data.channel = opts.channel; }
+            if (!data.channel || data.channel.length > 32) { return; }
            Modal.loadMetadata(Env, data, waitFor);
        }).nThen(function () {
            cb(void 0, data);
--- a/www/common/outer/async-store.js
+++ b/www/common/outer/async-store.js
@ -675,6 +675,8 @@ define([
                sem.take(function (give) {
                    var otherOwners = false;
                    nThen(function (_w) {
+                        // Don't check server metadata for blobs
+                        if (c.length !== 32) { return; }
                        Store.anonRpcMsg(null, {
                            msg: 'GET_METADATA',
                            data: c
@ -1807,6 +1809,7 @@ define([
            var cb = Util.once(Util.mkAsync(_cb));

            if (!data.channel) { return void cb({ error: 'ENOTFOUND'}); }
+            if (!data.channel.length !== 32) { return void cb({ error: 'EINVAL'}); }
            store.anon_rpc.send('GET_METADATA', data.channel, function (err, obj) {
                if (err) { return void cb({error: err}); }
                var metadata = (obj && obj[0]) || {};
--- a/www/common/outer/team.js
+++ b/www/common/outer/team.js
@ -678,6 +678,8 @@ define([
                sem.take(function (give) {
                    var otherOwners = false;
                    nThen(function (_w) {
+                        // Don't check server metadata for blobs
+                        if (c.length !== 32) { return; }
                        ctx.Store.anonRpcMsg(null, {
                            msg: 'GET_METADATA',
                            data: c
--- a/www/common/sframe-common-outer.js
+++ b/www/common/sframe-common-outer.js
@ -1266,6 +1266,9 @@ define([
                    var _parsed = Utils.Hash.parsePadUrl(metadata.roHref);
                    _secret = Utils.Hash.getSecrets(_parsed.type, _parsed.hash, metadata.password);
                }
+                if (_secret.channel.length !== 32) {
+                    return void cb({error: 'EINVAL'});
+                }
                var crypto = Crypto.createEncryptor(_secret.keys);
                nThen(function (waitFor) {
                    // Try to get the owner's mailbox from the pad metadata first.
@ -1325,6 +1328,9 @@ define([
                    var _parsed = Utils.Hash.parsePadUrl(metadata.href || metadata.roHref);
                    _secret = Utils.Hash.getSecrets(_parsed.type, _parsed.hash, metadata.password);
                }
+                if (_secret.channel.length !== 32) {
+                    return void cb({error: 'EINVAL'});
+                }
                var crypto = Crypto.createEncryptor(_secret.keys);
                nThen(function (waitFor) {
                    // If we already have metadata, use it, otherwise, try to get it