From a85df199a5ae273910ffbf0e8f72fe073c4b61b8 Mon Sep 17 00:00:00 2001
From: GUVWAF <78759985+GUVWAF@users.noreply.github.com>
Date: Sun, 18 Aug 2024 19:15:50 +0200
Subject: [PATCH] Only accept PKI messages for MQTT downlink if we know
 transmitter and receiver (#4498)

---
 src/mqtt/MQTT.cpp | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/mqtt/MQTT.cpp b/src/mqtt/MQTT.cpp
index d3a2bb92c..22f68bac8 100644
--- a/src/mqtt/MQTT.cpp
+++ b/src/mqtt/MQTT.cpp
@@ -164,10 +164,14 @@ void MQTT::onReceive(char *topic, byte *payload, size_t length)
 
                     // PKI messages get accepted even if we can't decrypt
                     if (router && p->which_payload_variant == meshtastic_MeshPacket_encrypted_tag &&
-                        strcmp(e.channel_id, "PKI") == 0)
-                        router->enqueueReceivedMessage(p);
-                    // ignore messages if we don't have the channel key
-                    else if (router && perhapsDecode(p))
+                        strcmp(e.channel_id, "PKI") == 0) {
+                        meshtastic_NodeInfoLite *tx = nodeDB->getMeshNode(getFrom(p));
+                        meshtastic_NodeInfoLite *rx = nodeDB->getMeshNode(p->to);
+                        // Only accept PKI messages if we have both the sender and receiver in our nodeDB, as then it's likely
+                        // they discovered each other via a channel we have downlink enabled for
+                        if (tx && tx->has_user && rx && rx->has_user)
+                            router->enqueueReceivedMessage(p);
+                    } else if (router && perhapsDecode(p)) // ignore messages if we don't have the channel key
                         router->enqueueReceivedMessage(p);
                     else
                         packetPool.release(p);