Potential index manipulation exploit on chat messages
Since the server now assigns the indices of chat messages within a chat session, it has the power to add or remove messages, or even change their contents, between what different clients are shown.
This is related to the ack "by extension" issues explained in MC-255004, but now under the new rules of indexed messages and the acknowledged bitset.
The victim is sent:
#5 - Message A
#9 - Message B
- Reply (acks #9 Message B, and #5)
When they reply, they ack (with a signature) message B, and the bitset skips 8, 7 and 6 and acks #5.
The reporter is sent:
#5 - Other Message
#7 - Message A (can be omitted)
#9 - Message B
- Reply (acks #9 Message B, and #5)
Now the reporter is free to report this context, making the victim appear to have seen different messages than they actually saw. Because there may be any number N of hidden messages, the clients have no way to verify the chain at all: they cannot know how many messages are being skipped.
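The following is an added worked example (not code from the report or from the game) that models the acknowledgment scheme as the report describes it: the client signs the index of the newest message it saw plus a bitset over the preceding indices, and nothing else. The window width of 20 bits, the HMAC standing in for the victim's signature, and the three contexts are all assumptions or constructed inputs. It shows that the victim's signed ack for {#5, #9} is accepted for both the victim's context and the reporter's context, since the ack binds indices only, while a context that drops an acknowledged index is rejected.

```python
import hashlib
import hmac

# Model of the indexed-message acknowledgment described in the report (a simplification
# built for this example, not the game's actual wire format): the client signs the index of
# the newest message it saw plus a bitset over the preceding WINDOW indices. WINDOW = 20 is
# an assumed width.
WINDOW = 20

# Constructed stand-in for the victim's signing key; HMAC replaces the real signature scheme.
VICTIM_KEY = b"victim-signing-key (constructed for this example)"


def build_ack(seen_indices):
    """Return (latest, bits): the newest seen index and a bitset of earlier seen indices.

    Bit (offset - 1) is set when index latest - offset was seen. Indices inside the window
    whose bit is clear are reported as unseen; the bitset carries no other information about
    them, so it cannot say whether a message existed there at all.
    """
    latest = max(seen_indices)
    bits = 0
    for idx in seen_indices:
        offset = latest - idx
        if 1 <= offset <= WINDOW:
            bits |= 1 << (offset - 1)
    return latest, bits


def acked_indices(latest, bits):
    """Expand an acknowledgment back into the set of indices it claims were seen."""
    seen = {latest}
    for bit in range(WINDOW):
        if bits >> bit & 1:
            seen.add(latest - (bit + 1))
    return seen


def sign_ack(key, latest, bits):
    """The victim's signature covers only the index and the bitset, not message contents."""
    payload = f"{latest}:{bits:0{WINDOW}b}".encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def context_matches_ack(key, context, latest, bits, sig):
    """Check whether a claimed context {index: text} is consistent with a signed ack.

    Accepts when the signature is valid and every acknowledged index is present in the
    context. Unacknowledged indices may be present or omitted, and nothing binds the text
    at an acknowledged index, which is exactly the gap the report describes.
    """
    if not hmac.compare_digest(sign_ack(key, latest, bits), sig):
        return False
    return acked_indices(latest, bits) <= set(context)


def demo():
    # Constructed contexts from the report: what the victim actually saw ...
    victim_context = {5: "Message A", 9: "Message B"}
    # ... and what the reporter was shown for the same session.
    reporter_context = {5: "Other Message", 7: "Message A", 9: "Message B"}
    # A context that drops an acknowledged index, which the check does catch.
    truncated_context = {9: "Message B"}

    latest, bits = build_ack(victim_context)  # (9, 0b1000): #5 acked, #6-#8 skipped
    sig = sign_ack(VICTIM_KEY, latest, bits)
    return {
        "ack": (latest, bits),
        "victim_ok": context_matches_ack(VICTIM_KEY, victim_context, latest, bits, sig),
        "reporter_ok": context_matches_ack(VICTIM_KEY, reporter_context, latest, bits, sig),
        "truncated_ok": context_matches_ack(VICTIM_KEY, truncated_context, latest, bits, sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running demo() gives ack (9, 8), victim_ok and reporter_ok both True, and truncated_ok False. The example only models what the report says the ack binds; whether anything else in the real protocol ties the acknowledgment to message contents is outside what this page establishes.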
It is possible that this whole attack isn't actually doable due to something else I've overlooked, but so far it doesn't seem like anything prevents it. It also is not relevant yet, since it does not seem like all the last-seen context makes it into AbuseReport's ReportEvidence, but I assume it eventually would or should make it in.
2022-10-26, 11:26 PM
2022-10-27, 10:41 AM