
Robin Linden parent 92728f7e 245200d8
Cap the number of active friend requests to 32

In order to alleviate attacks where an attacker spams a Tox ID with friend requests, aTox will now discard any incoming friend requests once 32 are already active. c-toxcore saves any added friends and sends new friend requests on startup if needed, so there is no risk of requests disappearing permanently.

While receiving many thousands of friend requests failed to crash aTox, it is really annoying.

atox/src/main/kotlin/tox/EventListenerCallbacks.kt added: 27, removed: 10, total 17
@@ -1,4 +1,4 @@
// SPDX-FileCopyrightText: 2019-2021 aTox contributors
// SPDX-FileCopyrightText: 2019-2024 Robin Lindén <dev@robinlinden.eu>
//
// SPDX-License-Identifier: GPL-3.0-only
 
@@ -42,6 +42,7 @@ import ltd.evilcorp.domain.tox.ToxAvEventListener
import ltd.evilcorp.domain.tox.ToxEventListener
import ltd.evilcorp.domain.tox.toMessageType
 
private const val MAX_ACTIVE_FRIEND_REQUESTS = 32
private const val TAG = "EventListenerCallbacks"
 
private fun isImage(filename: String) = try {
@@ -68,6 +69,7 @@ class EventListenerCallbacks @Inject constructor(
private val tox: Tox,
private val settings: Settings,
) {
private var maxFriendRequestsWarningActive = false
private var audioPlayer: AudioPlayer? = null
private val scope = CoroutineScope(Dispatchers.Default)
 
@@ -106,7 +108,17 @@ class EventListenerCallbacks @Inject constructor(
}
}
 
friendRequestHandler = { publicKey, _, message ->
friendRequestHandler = handler@{ publicKey, _, message ->
if (friendRequestRepository.count() > MAX_ACTIVE_FRIEND_REQUESTS) {
if (!maxFriendRequestsWarningActive) {
Log.w(TAG, "Ignoring friend requests w/ $MAX_ACTIVE_FRIEND_REQUESTS already active")
maxFriendRequestsWarningActive = true
}
 
return@handler
}
 
maxFriendRequestsWarningActive = false
val request = FriendRequest(publicKey, message)
friendRequestRepository.add(request)
notificationHelper.showFriendRequestNotification(request, silent = tox.getStatus() == UserStatus.Busy)
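Review bot: The cap check in `friendRequestHandler` uses `>`, so a request is still stored when 32 are already pending and the repository can reach 33, which matches neither `MAX_ACTIVE_FRIEND_REQUESTS` nor the commit message; `if (friendRequestRepository.count() >= MAX_ACTIVE_FRIEND_REQUESTS) {` would enforce the stated limit. Once the cap is hit, legitimate requests are dropped too and the only trace is a single `Log.w`, so a user whose queue is kept full by spam gets no in-app hint to clear pending requests; a comment such as `// Dropped requests are not lost for good: the sender's c-toxcore re-sends them on startup.` would at least record that this is intended. `maxFriendRequestsWarningActive` is a plain `var`, so if the handler can run on more than one thread (not visible here) it would need `@Volatile` or thread confinement. The handler body continues past the end of the hunk.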
 
atox/src/main/kotlin/ui/contactlist/ContactListFragment.kt added: 27, removed: 10, total 17
@@ -1,4 +1,4 @@
// SPDX-FileCopyrightText: 2019-2023 Robin Lindén <dev@robinlinden.eu>
// SPDX-FileCopyrightText: 2019-2024 Robin Lindén <dev@robinlinden.eu>
// SPDX-FileCopyrightText: 2021-2022 aTox contributors
//
// SPDX-License-Identifier: GPL-3.0-only
@@ -54,7 +54,7 @@ import ltd.evilcorp.domain.tox.PublicKey
import ltd.evilcorp.domain.tox.ToxSaveStatus
 
const val ARG_SHARE = "share"
private const val MAX_CONFIRM_DELETE_STRING_LENGTH = 32
private const val MAX_CONFIRM_DELETE_STRING_LENGTH = 16
 
private fun User.online(): Boolean = connectionStatus != ConnectionStatus.None
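Review bot: The `MAX_CONFIRM_DELETE_STRING_LENGTH` edit (apparently 32 to 16, going by the order in which the two lines are shown) is not mentioned in the commit message and looks unrelated to the friend-request cap. It would be easier to review and revert as its own commit, or with a sentence in the description saying why the limit changed. The code that uses the constant is outside this hunk.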
 
 
core/src/main/kotlin/db/FriendRequestDao.kt added: 27, removed: 10, total 17
@@ -1,4 +1,4 @@
// SPDX-FileCopyrightText: 2019-2020 aTox contributors
// SPDX-FileCopyrightText: 2019-2024 Robin Lindén <dev@robinlinden.eu>
//
// SPDX-License-Identifier: GPL-3.0-only
 
@@ -25,4 +25,7 @@ interface FriendRequestDao {
 
@Query("SELECT * FROM friend_requests WHERE public_key == :publicKey")
fun load(publicKey: String): Flow<FriendRequest>
 
@Query("SELECT COUNT(public_key) FROM friend_requests")
fun count(): Int
}
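Review bot: `count()` is declared as a plain blocking function while the neighbouring `load()` returns a `Flow`, so the query runs on whatever thread calls it, here the friend-request callback via `FriendRequestRepository.count()`. If this is a Room DAO, as `@Query` suggests, a synchronous query on the main thread throws by default, so either confirm the callback never runs there or declare it `suspend fun count(): Int` and call it from a coroutine. A one-line KDoc such as `/** Number of stored friend requests; blocking, call off the main thread. */` would make the contract explicit. The interface body starts outside the hunk.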
 
core/src/main/kotlin/repository/FriendRequestRepository.kt added: 27, removed: 10, total 17
@@ -1,4 +1,4 @@
// SPDX-FileCopyrightText: 2019-2020 aTox contributors
// SPDX-FileCopyrightText: 2019-2024 Robin Lindén <dev@robinlinden.eu>
//
// SPDX-License-Identifier: GPL-3.0-only
 
@@ -21,4 +21,6 @@ class FriendRequestRepository @Inject internal constructor(
fun getAll(): Flow<List<FriendRequest>> = friendRequestDao.loadAll()
 
fun get(publicKey: String): Flow<FriendRequest> = friendRequestDao.load(publicKey)
 
fun count(): Int = friendRequestDao.count()
}