Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

timeline: when trying to edit/abort on a stale local echo, retry on matching remote echo #3640

Merged
merged 4 commits into from
Jul 3, 2024
Merged

timeline: when trying to edit/abort on a stale local echo, retry on matching remote echo #3640

merged 4 commits into from
Jul 3, 2024

Conversation

bnjbvr
Copy link
Member

@bnjbvr bnjbvr commented Jul 2, 2024
edited
Loading

It's quite easy for consumers of the UI crate to get a stale EditInfo or EventTimelineItem, when trying to abort/edit an event:

  1. embedder gets an EditInfo or EventTimelineItem from the local echo
  2. timeline updates the item to a remote echo
  3. editing or aborting using the EditInfo / EventTimelineItem obtained in step 1 would fail, before this patch.

So this is some kind of time-of-check/time-of-use bug, with no security implications.

After this patch, we use better strategies, both for edits and redactions:

  • for edits, we try to find an updated local item in the timeline items that would now have an event id (== it's been sent), or a matching remote echo (that does have an event id). This covers all the transitions (local echo => local echo with an event id => remote echo with an event id).
  • for redactions, we use the more precise TimelineItem.identifier() method, which will get an event id if the local echo has been sent. There's no TOCTOU issue, because the redact() method takes the event timeline item directly, and not an EditInfo.

Part of #3361.

@bnjbvr bnjbvr requested a review from a team as a code owner July 2, 2024 14:37
@bnjbvr bnjbvr requested review from poljar and removed request for a team July 2, 2024 14:37
@codecov Codecov
Copy link

codecov bot commented Jul 2, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 70.00000% with 12 lines in your changes missing coverage. Please review.

Project coverage is 84.25%. Comparing base (d60ec55) to head (7824e8f).
Report is 12 commits behind head on main.

Files Patch % Lines
crates/matrix-sdk-ui/src/timeline/mod.rs 67.56% 12 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3640      +/-   ##
==========================================
+ Coverage   84.23%   84.25%   +0.01%     
==========================================
  Files         259      259              
  Lines       26555    26575      +20     
==========================================
+ Hits        22369    22390      +21     
+ Misses       4186     4185       -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@bnjbvr bnjbvr force-pushed the bnjbvr/timeline-abort-edit branch 2 times, most recently from 46584ca to 30ac783 Compare July 2, 2024 15:06
poljar
poljar approved these changes Jul 3, 2024
View reviewed changes
Copy link
Contributor

@poljar poljar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As far as I understood this PR, I think it looks good. Left a small doc nit.

crates/matrix-sdk-ui/src/timeline/mod.rs Outdated Show resolved Hide resolved
@bnjbvr bnjbvr force-pushed the bnjbvr/timeline-abort-edit branch 2 times, most recently from 57c0d86 to d6f3266 Compare July 3, 2024 13:16
@bnjbvr bnjbvr enabled auto-merge (rebase) July 3, 2024 13:16
@bnjbvr bnjbvr force-pushed the bnjbvr/timeline-abort-edit branch from d6f3266 to 7824e8f Compare July 3, 2024 13:33
@bnjbvr bnjbvr merged commit cdc3743 into main Jul 3, 2024
38 checks passed
@bnjbvr bnjbvr deleted the bnjbvr/timeline-abort-edit branch July 3, 2024 14:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@poljar poljar poljar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bnjbvr @poljar