Page MenuHomePhorge
Differential D28

Do not calculate transaction id from event content
ClosedPublic
Actions

Authored by tusooa on May 11 2024, 5:00 PM.

Details

Reviewers
nannanko
Group Reviewers
O1: the Kazv Project
Commits
rLb010662c84fc: Do not calculate transaction id from event content
Summary

This removes the hash(eventContent) part from the transaction id.

Type: security

BUG: https://iron.lily-is.land/T63

Test Plan

Build kazv against this commit. Verify that sending out two different messages at almost the same time should result in a very similar transaction id (only the last few digits are different).

Diff Detail

Repository
rL libkazv
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

tusooa created this revision.May 11 2024, 5:00 PM
tusooa created this object with visibility "the Kazv Project (Project)".
tusooa created this object with edit policy "the Kazv Project (Project)".
Owners added a reviewer: O1: the Kazv Project.May 11 2024, 5:00 PM
Harbormaster returned this revision to the author for changes because remote builds failed.May 11 2024, 5:00 PM
Harbormaster failed remote builds in B43: Diff 63!
tusooa requested review of this revision.May 11 2024, 5:04 PM
tusooa added a subscriber: nannanko.

@nannanko This is not added to the staging area because this is a security fix that should not be visible to the generic public until we release and make a release note about it. Please download the diff and manually apply it locally to review it.

Please treat this as the highest priority, as it has very serious security implications.

nannanko accepted this revision.May 11 2024, 6:52 PM
This revision is now accepted and ready to land.May 11 2024, 6:52 PM
This revision was landed with ongoing or failed builds.May 11 2024, 7:00 PM
Closed by commit rLb010662c84fc: Do not calculate transaction id from event content. · Explain Why
This revision was automatically updated to reflect the committed changes.
tusooa added a commit: rLb010662c84fc: Do not calculate transaction id from event content.
tusooa changed the visibility from "the Kazv Project (Project)" to "Public (No Login Required)".May 11 2024, 7:28 PM

Revision Contents
Changeset List

PathSizePackages
src/
client/
8 linesO1: the Kazv Project

Diff 64

View Options

src/client/clientutil.cpp

Loading...