Validate recipients at send time rather than when constructed.

Fixes #665
This commit is contained in:
Moxie Marlinspike 2014-06-03 14:50:37 -07:00
parent 59899b1caf
commit addea8d340
2 changed files with 9 additions and 14 deletions

View File

@ -102,22 +102,15 @@ public class RecipientFactory {
(recipient.indexOf('>', openBracketIndex) != -1); (recipient.indexOf('>', openBracketIndex) != -1);
} }
private static String parseBracketedNumber(String recipient) private static String parseBracketedNumber(String recipient) {
throws RecipientFormattingException
{
int begin = recipient.indexOf('<'); int begin = recipient.indexOf('<');
int end = recipient.indexOf('>', begin); int end = recipient.indexOf('>', begin);
String value = recipient.substring(begin + 1, end); String value = recipient.substring(begin + 1, end);
if (NumberUtil.isValidSmsOrEmail(value))
return value; return value;
else
throw new RecipientFormattingException("Bracketed value: " + value + " is not valid.");
} }
private static Recipient parseRecipient(Context context, String recipient, boolean asynchronous) private static Recipient parseRecipient(Context context, String recipient, boolean asynchronous) {
throws RecipientFormattingException
{
recipient = recipient.trim(); recipient = recipient.trim();
if( recipient.length() == 0 ) if( recipient.length() == 0 )
@ -126,10 +119,7 @@ public class RecipientFactory {
if (hasBracketedNumber(recipient)) if (hasBracketedNumber(recipient))
return getRecipientForNumber(context, parseBracketedNumber(recipient), asynchronous); return getRecipientForNumber(context, parseBracketedNumber(recipient), asynchronous);
if (NumberUtil.isValidSmsOrEmailOrGroup(recipient))
return getRecipientForNumber(context, recipient, asynchronous); return getRecipientForNumber(context, recipient, asynchronous);
throw new RecipientFormattingException("Recipient: " + recipient + " is badly formatted.");
} }
public static void clearCache() { public static void clearCache() {

View File

@ -28,6 +28,7 @@ import org.thoughtcrime.securesms.sms.MultipartSmsMessageHandler;
import org.thoughtcrime.securesms.sms.OutgoingPrekeyBundleMessage; import org.thoughtcrime.securesms.sms.OutgoingPrekeyBundleMessage;
import org.thoughtcrime.securesms.sms.OutgoingTextMessage; import org.thoughtcrime.securesms.sms.OutgoingTextMessage;
import org.thoughtcrime.securesms.sms.SmsTransportDetails; import org.thoughtcrime.securesms.sms.SmsTransportDetails;
import org.thoughtcrime.securesms.util.NumberUtil;
import org.thoughtcrime.securesms.util.TextSecurePreferences; import org.thoughtcrime.securesms.util.TextSecurePreferences;
import org.whispersystems.textsecure.crypto.MasterSecret; import org.whispersystems.textsecure.crypto.MasterSecret;
import org.whispersystems.textsecure.crypto.SessionCipher; import org.whispersystems.textsecure.crypto.SessionCipher;
@ -54,6 +55,10 @@ public class SmsTransport extends BaseTransport {
throw new UndeliverableMessageException("SMS Transport is not enabled!"); throw new UndeliverableMessageException("SMS Transport is not enabled!");
} }
if (!NumberUtil.isValidSmsOrEmail(message.getIndividualRecipient().getNumber())) {
throw new UndeliverableMessageException("Not a valid SMS destination! " + message.getIndividualRecipient().getNumber());
}
if (message.isSecure() || message.isKeyExchange() || message.isEndSession()) { if (message.isSecure() || message.isKeyExchange() || message.isEndSession()) {
deliverSecureMessage(message); deliverSecureMessage(message);
} else { } else {