Validate recipients at send time rather than when constructed.

Fixes #665
This commit is contained in:
Moxie Marlinspike 2014-06-03 14:50:37 -07:00
parent 59899b1caf
commit addea8d340
2 changed files with 9 additions and 14 deletions

View File

@ -102,22 +102,15 @@ public class RecipientFactory {
(recipient.indexOf('>', openBracketIndex) != -1);
}
private static String parseBracketedNumber(String recipient)
throws RecipientFormattingException
{
private static String parseBracketedNumber(String recipient) {
int begin = recipient.indexOf('<');
int end = recipient.indexOf('>', begin);
String value = recipient.substring(begin + 1, end);
if (NumberUtil.isValidSmsOrEmail(value))
return value;
else
throw new RecipientFormattingException("Bracketed value: " + value + " is not valid.");
return value;
}
private static Recipient parseRecipient(Context context, String recipient, boolean asynchronous)
throws RecipientFormattingException
{
private static Recipient parseRecipient(Context context, String recipient, boolean asynchronous) {
recipient = recipient.trim();
if( recipient.length() == 0 )
@ -126,10 +119,7 @@ public class RecipientFactory {
if (hasBracketedNumber(recipient))
return getRecipientForNumber(context, parseBracketedNumber(recipient), asynchronous);
if (NumberUtil.isValidSmsOrEmailOrGroup(recipient))
return getRecipientForNumber(context, recipient, asynchronous);
throw new RecipientFormattingException("Recipient: " + recipient + " is badly formatted.");
return getRecipientForNumber(context, recipient, asynchronous);
}
public static void clearCache() {

View File

@ -28,6 +28,7 @@ import org.thoughtcrime.securesms.sms.MultipartSmsMessageHandler;
import org.thoughtcrime.securesms.sms.OutgoingPrekeyBundleMessage;
import org.thoughtcrime.securesms.sms.OutgoingTextMessage;
import org.thoughtcrime.securesms.sms.SmsTransportDetails;
import org.thoughtcrime.securesms.util.NumberUtil;
import org.thoughtcrime.securesms.util.TextSecurePreferences;
import org.whispersystems.textsecure.crypto.MasterSecret;
import org.whispersystems.textsecure.crypto.SessionCipher;
@ -54,6 +55,10 @@ public class SmsTransport extends BaseTransport {
throw new UndeliverableMessageException("SMS Transport is not enabled!");
}
if (!NumberUtil.isValidSmsOrEmail(message.getIndividualRecipient().getNumber())) {
throw new UndeliverableMessageException("Not a valid SMS destination! " + message.getIndividualRecipient().getNumber());
}
if (message.isSecure() || message.isKeyExchange() || message.isEndSession()) {
deliverSecureMessage(message);
} else {