From d908d0f817615c2bc8b732050c6bc8576d88f31a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Damir=20Jeli=C4=87?= <poljar@termina.org.uk>
Date: Thu, 20 Aug 2020 15:17:19 +0200
Subject: [PATCH] crypto: Don't allow user identities to verify devices of
 other users.

---
 matrix_sdk_crypto/src/user_identity.rs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/matrix_sdk_crypto/src/user_identity.rs b/matrix_sdk_crypto/src/user_identity.rs
index 138cbd17..2a1206ca 100644
--- a/matrix_sdk_crypto/src/user_identity.rs
+++ b/matrix_sdk_crypto/src/user_identity.rs
@@ -332,6 +332,10 @@ impl UserIdentity {
     /// Returns an empty result if the signature check succeeded, otherwise a
     /// SignatureError indicating why the check failed.
     pub fn is_device_signed(&self, device: &ReadOnlyDevice) -> Result<(), SignatureError> {
+        if self.user_id() != device.user_id() {
+            return Err(SignatureError::UserIdMissmatch);
+        }
+
         self.self_signing_key.verify_device(device)
     }
 }
@@ -413,6 +417,10 @@ impl OwnUserIdentity {
     /// Returns an empty result if the signature check succeeded, otherwise a
     /// SignatureError indicating why the check failed.
     pub fn is_device_signed(&self, device: &ReadOnlyDevice) -> Result<(), SignatureError> {
+        if self.user_id() != device.user_id() {
+            return Err(SignatureError::UserIdMissmatch);
+        }
+
         self.self_signing_key.verify_device(device)
     }