[BUG] link_code_companion_reg notification crashes with 'Invalid buffer' during pairing

[joivo]

Describe the bug

During the pairing code flow (requestPairingCode), the WhatsApp server sends link_code_companion_reg notifications that do NOT contain the expected cryptographic fields (primary_identity_pub, link_code_pairing_wrapped_primary_ephemeral_pub). The processNotification handler in messages-recv.js assumes all link_code_companion_reg messages are the full pairing response and calls toRequiredBuffer() on undefined fields, causing a crash.

Stack trace

Error: Invalid buffer
    at toRequiredBuffer (file:///app/node_modules/baileys/lib/Socket/messages-recv.js:1026:19)
    at processNotification (file:///app/node_modules/baileys/lib/Socket/messages-recv.js:884:50)

Line 884 is:

const primaryIdentityPublicKey = toRequiredBuffer(
    getBinaryNodeChildBuffer(linkCodeCompanionReg, 'primary_identity_pub')
);

To Reproduce

1. Create a new connection with makeWASocket()
2. Call requestPairingCode(phoneNumber)
3. Receive the companion_hello response (IQ result with link_code_pairing_ref) — this works fine
4. Wait for the user to open "Linked Devices" on their phone
5. WhatsApp sends a notification (not IQ result) with type: "link_code_companion_reg" — this frame does NOT contain primary_identity_pub
6. The handler at messages-recv.js:881 processes it as a full pairing response and crashes

Frames observed

Frame 1 (works — IQ result from requestPairingCode):

{"tag":"iq","attrs":{"from":"@s.whatsapp.net","type":"result","id":"1225.47835-1"},
 "content":[{"tag":"link_code_companion_reg","attrs":{"stage":"companion_hello"},
 "content":[{"tag":"link_code_pairing_ref","attrs":{},"content":{...}}]}]}

Frame 2 (crashes — notification without pairing data):

{"tag":"notification","attrs":{"from":"@s.whatsapp.net","type":"link_code_companion_reg",
 "id":"3728034975","t":"1779850586"}}

Note: Frame 2 has tag: "notification" (not "iq"), no stage attribute, and no child nodes with cryptographic keys. The handler does not distinguish between these two frame types.

Expected behavior

The handler should check if the required fields exist before calling toRequiredBuffer(). If the notification does not contain pairing data, it should be skipped (logged and ignored) rather than crash.

Suggested fix

case 'link_code_companion_reg':
    const linkCodeCompanionReg = getBinaryNodeChild(node, 'link_code_companion_reg');
    if (!getBinaryNodeChildBuffer(linkCodeCompanionReg, 'primary_identity_pub')) {
        logger.debug({ node }, 'link_code_companion_reg notification without pairing data, skipping');
        break;
    }
    // ... rest of the handler unchanged

Environment

• Baileys version: 7.0.0-rc13
• Server: yes (Kubernetes, ~400 concurrent connections)
• connectOptions: { defaultQueryTimeoutMs: undefined, qrTimeout: 20 * 60_000 }
• Single client per IP (one pod per WhatsApp number)
• No proxy

[github-actions]

This issue is stale because it has been open for 14 days with no activity. Remove the stale label or comment or this will be closed in 14 days.