Validate phone numbers when formatting.

2025-08-21 10:58:12 +00:00 · 2013-11-26 12:44:15 -08:00
parent f7b71e5e28
commit ce5f3c5157
7 changed files with 72 additions and 26 deletions
--- a/library/src/org/whispersystems/textsecure/directory/Directory.java
+++ b/library/src/org/whispersystems/textsecure/directory/Directory.java
@@ -11,6 +11,7 @@ import android.util.Log;

 import org.whispersystems.textsecure.push.ContactTokenDetails;
 import org.whispersystems.textsecure.util.Base64;
+import org.whispersystems.textsecure.util.InvalidNumberException;
 import org.whispersystems.textsecure.util.PhoneNumberFormatter;
 import org.whispersystems.textsecure.util.Util;

@@ -157,8 +158,12 @@ public class Directory {
        String rawNumber = cursor.getString(0);

        if (rawNumber != null) {
-          String e164Number = PhoneNumberFormatter.formatNumber(rawNumber, localNumber);
-          results.add(getToken(e164Number));
+          try {
+            String e164Number = PhoneNumberFormatter.formatNumber(rawNumber, localNumber);
+            results.add(getToken(e164Number));
+          } catch (InvalidNumberException e) {
+            Log.w("Directory", "Invalid number: " + rawNumber);
+          }
        }
      }

--- a/library/src/org/whispersystems/textsecure/push/PushDestination.java
+++ b/library/src/org/whispersystems/textsecure/push/PushDestination.java
@@ -3,6 +3,7 @@ package org.whispersystems.textsecure.push;
 import android.content.Context;

 import org.whispersystems.textsecure.directory.Directory;
+import org.whispersystems.textsecure.util.InvalidNumberException;
 import org.whispersystems.textsecure.util.PhoneNumberFormatter;

 public class PushDestination {
@@ -26,6 +27,7 @@ public class PushDestination {
  public static PushDestination create(Context context,
                                       PushServiceSocket.PushCredentials credentials,
                                       String destinationNumber)
+      throws InvalidNumberException
  {
    String e164destination = PhoneNumberFormatter.formatNumber(destinationNumber, credentials.getLocalNumber(context));
    String relay           = Directory.getInstance(context).getRelay(e164destination);
--- a/library/src/org/whispersystems/textsecure/util/InvalidNumberException.java
+++ b/library/src/org/whispersystems/textsecure/util/InvalidNumberException.java
@@ -0,0 +1,7 @@
+package org.whispersystems.textsecure.util;
+
+public class InvalidNumberException extends Throwable {
+  public InvalidNumberException(String s) {
+    super(s);
+  }
+}
--- a/library/src/org/whispersystems/textsecure/util/PhoneNumberFormatter.java
+++ b/library/src/org/whispersystems/textsecure/util/PhoneNumberFormatter.java
@@ -21,7 +21,9 @@ public class PhoneNumberFormatter {
    return number.matches("^\\+[0-9]{10,}");
  }

-  private static String impreciseFormatNumber(String number, String localNumber) {
+  private static String impreciseFormatNumber(String number, String localNumber)
+      throws InvalidNumberException
+  {
    number = number.replaceAll("[^0-9+]", "");

    if (number.charAt(0) == '+')
@@ -49,9 +51,19 @@ public class PhoneNumberFormatter {
    }
  }

-  public static String formatNumber(String number, String localNumber) {
+  public static String formatNumber(String number, String localNumber)
+      throws InvalidNumberException
+  {
+    if (number.contains("@")) {
+      throw new InvalidNumberException("Possible attempt to use email address.");
+    }
+
    number = number.replaceAll("[^0-9+]", "");

+    if (number.length() == 0) {
+      throw new InvalidNumberException("No valid characters found.");
+    }
+
    if (number.charAt(0) == '+')
      return number;