Always block sending keys to unverified devices of verified users (#2562)

2025-11-28 05:03:59 +03:00 · 2022-08-04 11:11:12 -04:00
parent d867affc40
commit 43b453804b
2 changed files with 127 additions and 2 deletions
--- a/src/crypto/algorithms/megolm.ts
+++ b/src/crypto/algorithms/megolm.ts
@@ -1156,10 +1156,16 @@ class MegolmEncryption extends EncryptionAlgorithm {
                    continue;
                }

+                const userTrust = this.crypto.checkUserTrust(userId);
                const deviceTrust = this.crypto.checkDeviceTrust(userId, deviceId);

                if (userDevices[deviceId].isBlocked() ||
-                    (!deviceTrust.isVerified() && isBlacklisting)
+                    (!deviceTrust.isVerified() && isBlacklisting) ||
+                    // Always withhold keys from unverified devices of verified users
+                    (!deviceTrust.isVerified() &&
+                        userTrust.isVerified() &&
+                        this.crypto.getCryptoTrustCrossSignedDevices()
+                    )
                ) {
                    if (!blocked[userId]) {
                        blocked[userId] = {};