From addea8d3400a352ce7bb152f99527e72a8e716ee Mon Sep 17 00:00:00 2001 From: Moxie Marlinspike Date: Tue, 3 Jun 2014 14:50:37 -0700 Subject: [PATCH] Validate recipients at send time rather than when constructed. Fixes #665 --- .../securesms/recipients/RecipientFactory.java | 18 ++++-------------- .../securesms/transport/SmsTransport.java | 5 +++++ 2 files changed, 9 insertions(+), 14 deletions(-) diff --git a/src/org/thoughtcrime/securesms/recipients/RecipientFactory.java b/src/org/thoughtcrime/securesms/recipients/RecipientFactory.java index 574df57302..0ed8f4aec5 100644 --- a/src/org/thoughtcrime/securesms/recipients/RecipientFactory.java +++ b/src/org/thoughtcrime/securesms/recipients/RecipientFactory.java @@ -102,22 +102,15 @@ public class RecipientFactory { (recipient.indexOf('>', openBracketIndex) != -1); } - private static String parseBracketedNumber(String recipient) - throws RecipientFormattingException - { + private static String parseBracketedNumber(String recipient) { int begin = recipient.indexOf('<'); int end = recipient.indexOf('>', begin); String value = recipient.substring(begin + 1, end); - if (NumberUtil.isValidSmsOrEmail(value)) - return value; - else - throw new RecipientFormattingException("Bracketed value: " + value + " is not valid."); + return value; } - private static Recipient parseRecipient(Context context, String recipient, boolean asynchronous) - throws RecipientFormattingException - { + private static Recipient parseRecipient(Context context, String recipient, boolean asynchronous) { recipient = recipient.trim(); if( recipient.length() == 0 ) @@ -126,10 +119,7 @@ public class RecipientFactory { if (hasBracketedNumber(recipient)) return getRecipientForNumber(context, parseBracketedNumber(recipient), asynchronous); - if (NumberUtil.isValidSmsOrEmailOrGroup(recipient)) - return getRecipientForNumber(context, recipient, asynchronous); - - throw new RecipientFormattingException("Recipient: " + recipient + " is badly formatted."); + return getRecipientForNumber(context, recipient, asynchronous); } public static void clearCache() { diff --git a/src/org/thoughtcrime/securesms/transport/SmsTransport.java b/src/org/thoughtcrime/securesms/transport/SmsTransport.java index a8c1023a3d..4817aa219c 100644 --- a/src/org/thoughtcrime/securesms/transport/SmsTransport.java +++ b/src/org/thoughtcrime/securesms/transport/SmsTransport.java @@ -28,6 +28,7 @@ import org.thoughtcrime.securesms.sms.MultipartSmsMessageHandler; import org.thoughtcrime.securesms.sms.OutgoingPrekeyBundleMessage; import org.thoughtcrime.securesms.sms.OutgoingTextMessage; import org.thoughtcrime.securesms.sms.SmsTransportDetails; +import org.thoughtcrime.securesms.util.NumberUtil; import org.thoughtcrime.securesms.util.TextSecurePreferences; import org.whispersystems.textsecure.crypto.MasterSecret; import org.whispersystems.textsecure.crypto.SessionCipher; @@ -54,6 +55,10 @@ public class SmsTransport extends BaseTransport { throw new UndeliverableMessageException("SMS Transport is not enabled!"); } + if (!NumberUtil.isValidSmsOrEmail(message.getIndividualRecipient().getNumber())) { + throw new UndeliverableMessageException("Not a valid SMS destination! " + message.getIndividualRecipient().getNumber()); + } + if (message.isSecure() || message.isKeyExchange() || message.isEndSession()) { deliverSecureMessage(message); } else {