authorKonstantinos Sideris <sideris.konstantin@gmail.com>2018-07-21 21:40:11 +0300
committerKonstantinos Sideris <sideris.konstantin@gmail.com>2018-07-22 14:11:28 +0300
commit5dfd26abc5c57fe278a3b396a793da11f56eae6f (patch)
tree61217f65887e539fd2c4260c1433f0c30fd96be8
parenti18n: Update Polish translation (#382) (diff)
downloadnheko-5dfd26abc5c57fe278a3b396a793da11f56eae6f.tar.xz
Reject key requests for users that are not members of the room
-rw-r--r--src/Cache.cpp13
-rw-r--r--src/Cache.h3
-rw-r--r--src/Olm.cpp8
3 files changed, 24 insertions, 0 deletions
diff --git a/src/Cache.cpp b/src/Cache.cpp
index a1242633..b12c8679 100644
--- a/src/Cache.cpp
+++ b/src/Cache.cpp
@@ -1714,6 +1714,19 @@ Cache::getMembers(const std::string &room_id, std::size_t startIndex, std::size_
         return members;
 }
 
+bool
+Cache::isRoomMember(const std::string &user_id, const std::string &room_id)
+{
+        auto txn = lmdb::txn::begin(env_);
+        auto db  = getMembersDb(txn, room_id);
+
+        lmdb::val value;
+        bool res = lmdb::dbi_get(txn, db, lmdb::val(user_id), value);
+        txn.commit();
+
+        return res;
+}
+
 void
 Cache::saveTimelineMessages(lmdb::txn &txn,
                             const std::string &room_id,
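Review bot: `Cache::isRoomMember` begins a read-write transaction and commits it for what is a pure lookup, and the `room_id` it receives comes from a remote key request (see the Olm.cpp hunk in this commit). If `getMembersDb` (not shown here) opens the database with a create flag, every request that names an unknown room would create and commit an empty members database, which grows the environment and counts against its named-database limit. Consider confirming the room is known before opening its members database, or using a read-only transaction, `auto txn = lmdb::txn::begin(env_, nullptr, MDB_RDONLY);`, and treating a missing database as "not a member". The lmdb calls can also throw; catching `lmdb::error` here and returning `false` would make the check fail closed instead of relying on the caller.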
diff --git a/src/Cache.h b/src/Cache.h
index d5d1729e..beca502f 100644
--- a/src/Cache.h
+++ b/src/Cache.h
@@ -400,6 +400,9 @@ public:
         void setDeviceList(const std::string &user_id, const std::vector<std::string> &devices);
         std::vector<std::string> getDeviceList(const std::string &user_id);
 
+        //! Check if a user is a member of the room.
+        bool isRoomMember(const std::string &user_id, const std::string &room_id);
+
         //
         // Outbound Megolm Sessions
         //
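Review bot: The doc comment on `isRoomMember` does not say which membership states count as "member" or what is returned for a room the cache does not know, and the Olm.cpp caller in this commit uses the result as an authorization decision. If the members database holds only joined users, say so, for example `//! Check if a user is a joined member of the room; returns false for unknown rooms.`; if invited or departed users can also be stored there, the comment and the caller need to account for that.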
diff --git a/src/Olm.cpp b/src/Olm.cpp
index fe4265d7..963bea41 100644
--- a/src/Olm.cpp
+++ b/src/Olm.cpp
@@ -369,6 +369,14 @@ handle_key_request_message(const mtx::events::msg::KeyRequest &req)
                 return;
         }
 
+        if (!cache::client()->isRoomMember(req.sender, req.room_id)) {
+                nhlog::crypto()->warn(
+                  "user {} that requested the session key is not member of the room {}",
+                  req.sender,
+                  req.room_id);
+                return;
+        }
+
         //
         // Prepare the m.room_key event.
         //
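Review bot: The membership test `isRoomMember(req.sender, req.room_id)` is made against the room named in the request itself, so it only protects the session if the session lookup earlier in `handle_key_request_message` (outside this hunk) is also keyed on `req.room_id`; otherwise the check could pass for a session that belongs to a different room. Current membership also does not establish that the requesting device was entitled to the session when it was created, for instance a user who joined after the messages were sent, and nothing in the hunk checks the requesting device. I would record that at the check, e.g. `// NOTE: membership is necessary but not sufficient; the session must belong to req.room_id and the requesting device should be trusted.`, and add the device check before the m.room_key event is prepared. The function begins and ends outside the hunk, so these may already be handled elsewhere.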