From 9d83214158e0cf008cad976dc6be4853d2a4848e Mon Sep 17 00:00:00 2001
From: ansuz
Date: Wed, 28 Jun 2017 11:36:34 +0200
Subject: [PATCH] forbid cache poisoning via botched reset calls
---
 rpc.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/rpc.js b/rpc.js
index 25b1ae550..1df16b8f9 100644
--- a/rpc.js
+++ b/rpc.js
@@ -578,8 +578,7 @@ var resetUserPins = function (Env, publicKey, channelList, cb) {
 });
 }
- var pins = session.channels = {};
-
+ var pins = {};
 getMultipleFileSize(Env, channelList, function (e, sizes) {
 if (e) { return void cb(e); }
 var pinSize = sumChannelSizes(sizes);
@@ -606,6 +605,8 @@ var resetUserPins = function (Env, publicKey, channelList, cb) {
 pins[channel] = true;
 });
+ // update in-memory cache IFF the reset was allowed.
+ session.channels = pins;
 getHash(Env, publicKey, function (e, hash) {
 cb(e, hash);
 });
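Review bot: `var pins = {};` in the first hunk (`@@ -578,8 +578,7 @@`) is later keyed by entries of the caller-supplied `channelList` (`pins[channel] = true` in the second hunk), and a plain object literal inherits from Object.prototype, so an id that collides with an inherited property name could be silently dropped or shadow a built-in once `pins` becomes `session.channels`. No validation of the ids is visible in these hunks; it may exist elsewhere in resetUserPins, whose body starts and ends outside the hunk. If consumers of `session.channels` only do keyed lookups, `var pins = Object.create(null);` removes the ambiguity; otherwise reject ids that do not match the expected channel-id format before the size lookup.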
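Review bot: The deferred `session.channels = pins;` in the second hunk (`@@ -606,6 +605,8 @@`) opens an asynchronous window between building `pins` and publishing it, and nothing visible here serializes calls for one `publicKey`. Before this change `pins` aliased the live cache object, so a pin or unpin arriving during the reset was kept; now it updates the old object and is discarded when the assignment runs, which could leave the cache disagreeing with whatever persistent state backs it. If per-key ordering is guaranteed elsewhere, record that next to the assignment, e.g. `// safe only because RPCs for one publicKey are handled in order`; otherwise consider queuing resets per key. The enclosing callback starts outside the hunk, so also confirm the assignment sits only on the success path, as "IFF the reset was allowed" implies.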