From 1e1cd7ce0aa362a0a2a20a764145035be911673d Mon Sep 17 00:00:00 2001
From: Tom Smeding <tom@tomsmeding.com>
Date: Sat, 27 Feb 2021 17:39:46 +0100
Subject: server: Restrict is_online to only query users you know about

---
 command.c | 15 ++++++++++-----
 db.c      | 18 ++++++++++++++++++
 db.h      |  1 +
 3 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/command.c b/command.c
index ac6ff09..d84c456 100644
--- a/command.c
+++ b/command.c
@@ -542,14 +542,19 @@ static struct cmd_retval cmd_ping(struct conn_data *data,const char *tag,const c
 }
 
 static struct cmd_retval cmd_is_online(struct conn_data *data,const char *tag,const char **args){
-	i64 userid=db_find_user(args[0]);
-	if(userid==-1){
-		net_send_error(data->fd,tag,"User not found");
+	if (data->userid == -1) {
+		net_send_error(data->fd, tag, "Not logged in");
+		return RET_OK;
+	}
+
+	i64 userid2 = db_find_user(args[0]);
+	if (userid2 == -1 || !db_user_knows_user(data->userid, userid2)) {
+		net_send_error(data->fd, tag, "User not found");
 		return RET_OK;
 	}
 	i64 nfds;
-	(void)userdata_online(userid,&nfds);
-	return RET_CLOSE(net_send_number(data->fd,tag,nfds));
+	(void)userdata_online(userid2, &nfds);
+	return RET_CLOSE(net_send_number(data->fd, tag, nfds));
 }
 
 static struct cmd_retval cmd_firebase_token(struct conn_data *data,const char *tag,const char **args){
diff --git a/db.c b/db.c
index a349b44..e2dd6f1 100644
--- a/db.c
+++ b/db.c
@@ -453,6 +453,24 @@ bool db_delete_token(i64 userid,const char *token){
 	return success;
 }
 
+bool db_user_knows_user(i64 userid1, i64 userid2) {
+	assert(userid1 != -1 && userid2 != -1);
+	static sqlite3_stmt *stmt = NULL;
+	if (!stmt) {
+		SQLITE(prepare_v2, database,
+				"select count(*) > 0 "
+				"from Members as A, Members as B "
+				"where A.room = B.room and A.user = ? and B.user = ?"
+			,-1, &stmt, NULL);
+	}
+	SQLITE(bind_int64, stmt, 1, userid1);
+	SQLITE(bind_int64, stmt, 2, userid2);
+	assert(sqlite3_step(stmt) == SQLITE_ROW);
+	bool found = sqlite3_column_int(stmt, 0) == 1;
+	reset_stmt(stmt);
+	return found;
+}
+
 
 i64 db_create_message(i64 roomid,i64 userid,i64 timestamp,i64 replyid,const char *message){
 	static sqlite3_stmt *stmt = NULL;
diff --git a/db.h b/db.h
index 73d275a..8c545ad 100644
--- a/db.h
+++ b/db.h
@@ -59,6 +59,7 @@ i64 db_find_user(const char *name);  // -1 if not found
 struct db_strings_list db_user_tokens(i64 userid);
 bool db_add_token(i64 userid,const char *token);
 bool db_delete_token(i64 userid,const char *token);
+bool db_user_knows_user(i64 userid1,i64 userid2);  // both users have a common room
 
 i64 db_create_message(i64 roomid,i64 userid,i64 timestamp,i64 replyid,const char *message);  // returns msgid
 struct db_message_list db_get_messages(i64 roomid,i64 count);  // gets latest `count` messages in rev. chron. order
-- 
cgit v1.2.3