Do not calculate transaction id from event content
Closed, Public

Authored by tusooa on May 11 2024, 5:00 PM.
Tags
None
Referenced Files
F3365: D28.id66.diff
Tue, Jun 18, 9:21 AM
F3306: D28.id63.diff
Mon, Jun 17, 7:05 PM
F3305: D28.id.diff
Mon, Jun 17, 7:04 PM
F3304: D28.id64.diff
Mon, Jun 17, 7:03 PM
F3285: D28.diff
Mon, Jun 17, 6:50 PM

Details

Summary

This removes the hash(eventContent) part from the transaction id.

Type: security

BUG: https://iron.lily-is.land/T63

Test Plan

Build kazv against this commit. Verify that sending out two different messages at almost the same time results in very similar transaction ids (only the last few digits are different).

Diff Detail

Repository
rL libkazv
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

tusooa created this object with visibility "the Kazv Project (Project)".
tusooa created this object with edit policy "the Kazv Project (Project)".
Harbormaster returned this revision to the author for changes because remote builds failed. May 11 2024, 5:00 PM
Harbormaster failed remote builds in B43: Diff 63!
tusooa added a subscriber: nannanko.

@nannanko This is not added to the staging area because this is a security fix that should not be visible to the generic public until we release and make a release note about it. Please download the diff and manually apply it locally to review it.

Please treat this as the highest priority, as it has very serious security implications.

This revision is now accepted and ready to land. May 11 2024, 6:52 PM
This revision was landed with ongoing or failed builds. May 11 2024, 7:00 PM
This revision was automatically updated to reflect the committed changes.
tusooa changed the visibility from "the Kazv Project (Project)" to "Public (No Login Required)". May 11 2024, 7:28 PM