matrix-org / matrix-rust-sdk

Matrix Client-Server SDK for Rust
Apache License 2.0

Device | Pitfall with `set_local_trust` on `Device` that is triggering a full `DeviceChange` and can overwrite other changes. #4073

Open BillCarsonFr opened 1 month ago

BillCarsonFr commented 1 month ago

There is a pitfall with `Device` and `set_local_trust`. If you keep a `Device` object around for some time and then later on do a `set_local_trust`, it is doing a full `DeviceChanges` that would overwrite changes that could have happened during that time (things like `deleted`, `olm_wedging_index`, `withheld_code_sent`).

Here https://github.com/matrix-org/matrix-rust-sdk/blob/65b422312c27a1b7f5a8e25f1156d1a1d6691cc1/crates/matrix-sdk-crypto/src/identities/device.rs#L396-L402

Exposed in sdk here https://github.com/matrix-org/matrix-rust-sdk/blob/65b422312c27a1b7f5a8e25f1156d1a1d6691cc1/crates/matrix-sdk/src/encryption/identities/devices.rs#L548
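The lost-update pattern described in this comment, replayed on a simplified model (an added example, not part of the issue and not the SDK's code). `DeviceData` here is a cut-down stand-in using the field names from the issue; `Store`, `save_full`, `save_trust_only` and `replay` are hypothetical names, and the narrow update is one possible way to avoid the overwrite, not the project's chosen fix.

```rust
use std::collections::HashMap;

// Simplified stand-in for the stored device record; field names follow the issue text.
#[derive(Clone, Debug, Default, PartialEq)]
struct DeviceData {
    local_trust: bool,
    deleted: bool,
    olm_wedging_index: u32,
    withheld_code_sent: bool,
}

// Hypothetical in-memory store keyed by device id.
type Store = HashMap<String, DeviceData>;

// Pitfall: persists the caller's whole snapshot, overwriting newer stored fields.
fn save_full(store: &mut Store, id: &str, snapshot: DeviceData) {
    store.insert(id.to_owned(), snapshot);
}

// Narrow update: touches only `local_trust` on the record currently in the store.
fn save_trust_only(store: &mut Store, id: &str, trusted: bool) -> bool {
    store.get_mut(id).map(|d| d.local_trust = trusted).is_some()
}

// Replays the issue's timeline and returns what ends up stored.
fn replay(narrow: bool) -> DeviceData {
    let mut store = Store::new();
    save_full(&mut store, "DEV", DeviceData::default());
    let mut held = store["DEV"].clone(); // caller keeps this snapshot around

    // Meanwhile another code path updates the stored record.
    let current = store.get_mut("DEV").unwrap();
    current.olm_wedging_index = 3;
    current.withheld_code_sent = true;

    if narrow {
        save_trust_only(&mut store, "DEV", true);
    } else {
        held.local_trust = true; // set_local_trust on the stale snapshot
        save_full(&mut store, "DEV", held);
    }
    store["DEV"].clone()
}

fn main() {
    println!("full save:   {:?}", replay(false));
    println!("narrow save: {:?}", replay(true));
}
```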

andybalaam commented 4 weeks ago

Device updates from keys_query do not have cryptographically-meaningful effects, so this is not too serious, except that we might forget a new signature. This does not happen very often.