Validate MMS delivery destination.

We can't depend on validated Recipients anymore, so this adds
parity to the validation the SMS transport does now.

Fixes #1592
This commit is contained in:
Moxie Marlinspike 2014-06-13 16:15:33 -07:00
parent ba1055df8e
commit 2d739a324e

View File

@ -31,6 +31,7 @@ import org.thoughtcrime.securesms.protocol.WirePrefix;
import org.thoughtcrime.securesms.recipients.Recipient;
import org.thoughtcrime.securesms.recipients.RecipientFactory;
import org.thoughtcrime.securesms.recipients.RecipientFormattingException;
import org.thoughtcrime.securesms.util.NumberUtil;
import org.thoughtcrime.securesms.util.TextSecurePreferences;
import org.whispersystems.textsecure.crypto.MasterSecret;
import org.whispersystems.textsecure.crypto.SessionCipher;
@ -72,6 +73,8 @@ public class MmsTransport {
throw new UndeliverableMessageException("MMS Transport is not enabled!");
}
validateDestinations(message);
try {
if (isCdmaDevice()) {
Log.w("MmsTransport", "Sending MMS directly without radio change...");
@ -197,4 +200,35 @@ public class MmsTransport {
.getPhoneType() == TelephonyManager.PHONE_TYPE_CDMA;
}
private void validateDestination(EncodedStringValue destination) throws UndeliverableMessageException {
if (destination == null || !NumberUtil.isValidSmsOrEmail(destination.getString())) {
throw new UndeliverableMessageException("Invalid destination: " +
(destination == null ? null : destination.getString()));
}
}
private void validateDestinations(SendReq message) throws UndeliverableMessageException {
if (message.getTo() != null) {
for (EncodedStringValue to : message.getTo()) {
validateDestination(to);
}
}
if (message.getCc() != null) {
for (EncodedStringValue cc : message.getCc()) {
validateDestination(cc);
}
}
if (message.getBcc() != null) {
for (EncodedStringValue bcc : message.getBcc()) {
validateDestination(bcc);
}
}
if (message.getTo() == null && message.getCc() == null && message.getBcc() == null) {
throw new UndeliverableMessageException("No to, cc, or bcc specified!");
}
}
}