Fix evil encrypted file event with null url

2025-07-21 12:46:51 +12:00 · 2025-07-21 12:46:51 +12:00 · 9a33ba3ed2
commit 9a33ba3ed2
parent baf024af84
3 changed files with 92 additions and 6 deletions
--- a/src/m2d/converters/event-to-message.js
+++ b/src/m2d/converters/event-to-message.js
@ -539,15 +539,15 @@ async function eventToMessage(event, guild, di) {
 	if (event.type === "m.room.message" && (event.content.msgtype === "m.file" || event.content.msgtype === "m.video" || event.content.msgtype === "m.audio" || event.content.msgtype === "m.image")) {
 		content = ""
 		const filename = event.content.filename || event.content.body
-		if ("url" in event.content) {
-			// Unencrypted
-			attachments.push({id: "0", filename})
-			pendingFiles.push({name: filename, mxc: event.content.url})
-		} else {
+		if ("file" in event.content) {
 			// Encrypted
 			assert.equal(event.content.file.key.alg, "A256CTR")
 			attachments.push({id: "0", filename})
 			pendingFiles.push({name: filename, mxc: event.content.file.url, key: event.content.file.key.k, iv: event.content.file.iv})
+		} else {
+			// Unencrypted
+			attachments.push({id: "0", filename})
+			pendingFiles.push({name: filename, mxc: event.content.url})
 		}
 		// Check if we also need to process a text event for this image - if it has a caption that's different from its filename
 		if ((event.content.body && event.content.filename && event.content.body !== event.content.filename) || event.content.formatted_body) {
--- a/src/m2d/converters/event-to-message.test.js
+++ b/src/m2d/converters/event-to-message.test.js
@ -3956,6 +3956,91 @@ test("event2message: encrypted image attachments work", async t => {
 	)
 })

+test("event2message: evil encrypted image attachment works", async t => {
+	t.deepEqual(
+		await eventToMessage({
+			sender: "@austin:tchncs.de",
+			type: "m.room.message",
+			content: {
+				body: "Screenshot 2025-06-29 at 13.36.46.png",
+				file: {
+					hashes: {
+						sha256: "Vh1apd8wSFu/BpUdQbIrKUzFB0Uu+l1octgZL+aVGTQ"
+					},
+					iv: "sd33K7pSZNMAAAAAAAAAAA",
+					key: {
+						alg: "A256CTR",
+						ext: true,
+						k: "-nyqk1eqI-g-ND59P9qHp310-Qyc2A5gSAYm1BxopSg",
+						key_ops: [
+							"encrypt",
+							"decrypt"
+						],
+						kty: "oct"
+					},
+					url: "mxc://tchncs.de/eac5f83fa97cd74062daf75dfa04d6e5356897281939377544214085632",
+					v: "v2"
+				},
+				info: {
+					h: 682,
+					mimetype: "image/png",
+					"org.matrix.msc4230.is_animated": false,
+					size: 1813154,
+					thumbnail_file: {
+						hashes: {
+							sha256: "o3xykQwfsTUf5Y8qP5fjT7qBv5lAT3rtkmPpise5eQw"
+						},
+						iv: "SNxIZsJkju4AAAAAAAAAAA",
+						key: {
+							alg: "A256CTR",
+							ext: true,
+							k: "CcibYjzzSDexOWBbcBh_kCDiLibg8vUZthz5CnxV0es",
+							key_ops: [
+								"encrypt",
+								"decrypt"
+							],
+							kty: "oct"
+						},
+						url: "mxc://tchncs.de/ecd811d913ed1b240ebfc81517a5de2c3a1e9d401939377537079574528",
+						v: "v2"
+					},
+					thumbnail_info: {
+						h: 600,
+						mimetype: "image/png",
+						size: 451773,
+						w: 507
+					},
+					thumbnail_url: null,
+					w: 577,
+					"xyz.amorgan.blurhash": "TqN1Ais=t1~qRjWFxURiWCM{ofof"
+				},
+				"m.mentions": {},
+				msgtype: "m.image",
+				url: null
+			},
+			event_id: "$UKMbzTlqlyLYN78utVEtiivABFvOe39nx5trHwqNmeQ",
+			room_id: "!iSyXgNxQcEuXoXpsSn:pussthecat.org"
+		}),
+		{
+			ensureJoined: [],
+			messagesToDelete: [],
+			messagesToEdit: [],
+			messagesToSend: [{
+				username: "Austin Huang",
+				content: "",
+				avatar_url: "https://bridge.example.org/download/matrix/tchncs.de/090a2b5e07eed2f71e84edad5207221e6c8f8b8e",
+				attachments: [{id: "0", filename: "Screenshot 2025-06-29 at 13.36.46.png"}],
+				pendingFiles: [{
+					name: "Screenshot 2025-06-29 at 13.36.46.png",
+					mxc: "mxc://tchncs.de/eac5f83fa97cd74062daf75dfa04d6e5356897281939377544214085632",
+					key: "-nyqk1eqI-g-ND59P9qHp310-Qyc2A5gSAYm1BxopSg",
+					iv: "sd33K7pSZNMAAAAAAAAAAA"
+				}]
+			}]
+		}
+	)
+})
+
 test("event2message: stickers work", async t => {
 	t.deepEqual(
 		await eventToMessage({
--- a/test/ooye-test-data.sql
+++ b/test/ooye-test-data.sql
@ -160,7 +160,8 @@ INSERT INTO member_cache (room_id, mxid, displayname, avatar_url, power_level) V
 ('!TqlyQmifxGUggEmdBN:cadence.moe', '@Milan:tchncs.de', 'Milan', NULL, 0),
 ('!TqlyQmifxGUggEmdBN:cadence.moe', '@ampflower:matrix.org', 'Ampflower 🌺', 'mxc://cadence.moe/PRfhXYBTOalvgQYtmCLeUXko', 0),
 ('!TqlyQmifxGUggEmdBN:cadence.moe', '@aflower:syndicated.gay', 'Rose', 'mxc://syndicated.gay/ZkBUPXCiXTjdJvONpLJmcbKP', 0),
-('!TqlyQmifxGUggEmdBN:cadence.moe', '@cadence:cadence.moe', 'cadence [they]', NULL, 0);
+('!TqlyQmifxGUggEmdBN:cadence.moe', '@cadence:cadence.moe', 'cadence [they]', NULL, 0),
+('!iSyXgNxQcEuXoXpsSn:pussthecat.org', '@austin:tchncs.de', 'Austin Huang', 'mxc://tchncs.de/090a2b5e07eed2f71e84edad5207221e6c8f8b8e', 0);

 INSERT INTO reaction (hashed_event_id, message_id, encoded_emoji) VALUES
 (5162930312280790092, '1141501302736695317', '%F0%9F%90%88');