From 4f2d526c52462919a85e4d6cd2556d3914c49b90 Mon Sep 17 00:00:00 2001
From: bontric <benjohnwie@gmail.com>
Date: Fri, 28 Sep 2018 20:16:35 +0200
Subject: [PATCH] Check if contact Id matches expected Id if we receive a
 stream from the mailbox

---
 .../bramble/mailbox/sessions/MailboxOwnerSession.java    | 2 +-
 .../bramble/mailbox/sessions/PrivateMailboxSession.java  | 9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/bramble-core/src/main/java/org/briarproject/bramble/mailbox/sessions/MailboxOwnerSession.java b/bramble-core/src/main/java/org/briarproject/bramble/mailbox/sessions/MailboxOwnerSession.java
index 3bb2d2edc..505aa71f8 100644
--- a/bramble-core/src/main/java/org/briarproject/bramble/mailbox/sessions/MailboxOwnerSession.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/mailbox/sessions/MailboxOwnerSession.java
@@ -78,7 +78,7 @@ public class MailboxOwnerSession extends AbstractMailboxSession {
 		while (nextStream != null) {
 			// Send TAKE request and delete stream if request was successfull
 			MailboxRequestTake req =
-					new MailboxRequestTake(nextStream.getStream());
+					new MailboxRequestTake(nextStream.getContactId(), nextStream.getStream());
 			mailboxProtocol.writeRequest(req);
 
 			if (req.awaitAndGetResponse())
diff --git a/bramble-core/src/main/java/org/briarproject/bramble/mailbox/sessions/PrivateMailboxSession.java b/bramble-core/src/main/java/org/briarproject/bramble/mailbox/sessions/PrivateMailboxSession.java
index a43c6601d..6ef03aebd 100644
--- a/bramble-core/src/main/java/org/briarproject/bramble/mailbox/sessions/PrivateMailboxSession.java
+++ b/bramble-core/src/main/java/org/briarproject/bramble/mailbox/sessions/PrivateMailboxSession.java
@@ -47,7 +47,8 @@ public class PrivateMailboxSession extends AbstractMailboxSession {
 			MailboxProtocol mailboxProtocol, int transportMaxLatency,
 			int transportMaxIdleTime, DatabaseComponent db) {
 
-		super(ioExecutor, db, keyManager, syncSessionFactory, streamWriterFactory,
+		super(ioExecutor, db, keyManager, syncSessionFactory,
+				streamWriterFactory,
 				streamReaderFactory, mailboxProtocol, transportMaxLatency,
 				transportMaxIdleTime, contactId);
 		this.syncSessionFactory = syncSessionFactory;
@@ -113,11 +114,13 @@ public class PrivateMailboxSession extends AbstractMailboxSession {
 			MailboxRequestTake takeRequest = (MailboxRequestTake) request;
 			InputStream in = new ByteArrayInputStream(
 					takeRequest.getEncryptedSyncStream());
-
 			try {
-
 				StreamContext ctx = readTag(in);
 
+				if (ctx.getContactId() != (takeRequest.getContactId()))
+					throw new ProtocolException(
+							"Stream does not match expected contactId");
+
 				InputStream reader =
 						streamReaderFactory.createStreamReader(in, ctx);
 
-- 
GitLab