X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=src%2Ffreenet%2Fintroductionpuzzlerequester.cpp;h=70b3102fe01099469110c86b4880f5794cf0872e;hb=9b22dd53fe62e312c1647310b7ec43aa127090af;hp=03d4a419f3119ec3066192a70ff14f0e1c586ce0;hpb=52c0819bfc1d083c6e0738f75f0d7eeba521295a;p=fms.git

diff --git a/src/freenet/introductionpuzzlerequester.cpp b/src/freenet/introductionpuzzlerequester.cpp
index 03d4a41..70b3102 100644
--- a/src/freenet/introductionpuzzlerequester.cpp
+++ b/src/freenet/introductionpuzzlerequester.cpp
@@ -2,6 +2,8 @@
 #include "../../include/freenet/introductionpuzzlexml.h"
 #include "../../include/option.h"
 #include "../../include/stringfunctions.h"
+#include "../../include/bitmapvalidator.h"
+#include "../../include/base64.h"
 
 #ifdef XMEM
 	#include <xmem.h>
@@ -38,6 +40,7 @@ const bool IntroductionPuzzleRequester::HandleAllData(FCPMessage &message)
 	IntroductionPuzzleXML xml;
 	long identityid;
 	long index;
+	bool validmessage=true;
 
 	now.SetToGMTime();
 	StringFunctions::Split(message["Identifier"],"|",idparts);
@@ -65,17 +68,74 @@ const bool IntroductionPuzzleRequester::HandleAllData(FCPMessage &message)
 	if(xml.ParseXML(std::string(data.begin(),data.end()))==true)
 	{
 
-		// TODO - check if last part of UUID matches public key of identity who inserted it
+		// check if last part of UUID matches first part of public key of identity who inserted it
+		st=m_db->Prepare("SELECT PublicKey FROM tblIdentity WHERE IdentityID=?;");
+		st.Bind(0,identityid);
+		st.Step();
+		if(st.RowReturned())
+		{
+			std::vector<std::string> uuidparts;
+			std::vector<std::string> keyparts;
+			std::string keypart="";
+			std::string publickey="";
+
+			st.ResultText(0,publickey);
+
+			StringFunctions::SplitMultiple(publickey,"@,",keyparts);
+			StringFunctions::SplitMultiple(xml.GetUUID(),"@",uuidparts);
+
+			if(uuidparts.size()>1 && keyparts.size()>1)
+			{
+				keypart=StringFunctions::Replace(StringFunctions::Replace(keyparts[1],"-",""),"~","");
+				if(keypart!=uuidparts[1])
+				{
+					m_log->WriteLog(LogFile::LOGLEVEL_ERROR,"IntroductionPuzzleRequester::HandleAllData UUID in IntroductionPuzzle doesn't match public key of identity : "+message["Identifier"]);
+					validmessage=false;
+				}
+			}
+			else
+			{
+				m_log->WriteLog(LogFile::LOGLEVEL_ERROR,"IntroductionPuzzleRequester::HandleAllData Error with identity's public key or UUID : "+message["Identifier"]);
+				validmessage=false;
+			}
+
+		}
+		else
+		{
+			m_log->WriteLog(LogFile::LOGLEVEL_ERROR,"IntroductionPuzzleRequester::HandleAllData Error couldn't find identity : "+message["Identifier"]);
+			validmessage=false;
+		}
+
+		// we can only validate bitmaps for now
+		BitmapValidator val;
+		std::vector<unsigned char> puzzledata;
+		Base64::Decode(xml.GetPuzzleData(),puzzledata);
+		if(xml.GetMimeType()!="image/bmp" || val.Validate(puzzledata)==false)
+		{
+			m_log->WriteLog(LogFile::LOGLEVEL_ERROR,"IntroductionPuzzleRequester::HandleAllData received bad mime type and/or data for "+message["Identifier"]);
+			validmessage=false;
+		}
 
 		st=m_db->Prepare("INSERT INTO tblIntroductionPuzzleRequests(IdentityID,Day,RequestIndex,Found,UUID,Type,MimeType,PuzzleData) VALUES(?,?,?,?,?,?,?,?);");
 		st.Bind(0,identityid);
 		st.Bind(1,idparts[4]);
 		st.Bind(2,index);
-		st.Bind(3,"true");
-		st.Bind(4,xml.GetUUID());
-		st.Bind(5,xml.GetType());
-		st.Bind(6,xml.GetMimeType());
-		st.Bind(7,xml.GetPuzzleData());
+		if(validmessage)
+		{
+			st.Bind(3,"true");
+			st.Bind(4,xml.GetUUID());
+			st.Bind(5,xml.GetType());
+			st.Bind(6,xml.GetMimeType());
+			st.Bind(7,xml.GetPuzzleData());
+		}
+		else
+		{
+			st.Bind(3,"false");
+			st.Bind(4);
+			st.Bind(5);
+			st.Bind(6);
+			st.Bind(7);
+		}
 		st.Step();
 		st.Finalize();
 
@@ -204,8 +264,8 @@ void IntroductionPuzzleRequester::PopulateIDList()
 
 	now.SetToGMTime();
 
-	// select identities that aren't single use and have been seen today ( order by trust DESC and limit to limitnum )
-	st=m_db->Prepare("SELECT IdentityID FROM tblIdentity WHERE PublicKey IS NOT NULL AND PublicKey <> '' AND SingleUse='false' AND LastSeen>='"+now.Format("%Y-%m-%d")+"' ORDER BY LocalMessageTrust DESC LIMIT 0,"+limitnum+";");
+	// select identities that aren't single use, are publishing a trust list, and have been seen today ( order by trust DESC and limit to limitnum )
+	st=m_db->Prepare("SELECT IdentityID FROM tblIdentity WHERE PublishTrustList='true' AND PublicKey IS NOT NULL AND PublicKey <> '' AND SingleUse='false' AND LastSeen>='"+now.Format("%Y-%m-%d")+"' ORDER BY LocalMessageTrust DESC LIMIT 0,"+limitnum+";");
 	st.Step();
 
 	m_ids.clear();