empathicqubit/Signal-Android
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Add additional protections around recipientIds and threadIds matching.

Browse source
This commit is contained in:
Greyson Parrelli 2022-12-23 11:26:36 -05:00
parent 4dd8e81db7
commit 3708cc5583
3 changed files with 36 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
app/src/main/java/org/thoughtcrime/securesms/database/ThreadTable.kt
View file

@ -12,6 +12,7 @@ import org.jsoup.helper.StringUtil
import org.signal.core.util.CursorUtil import org.signal.core.util.CursorUtil
import org.signal.core.util.SqlUtil import org.signal.core.util.SqlUtil
import org.signal.core.util.delete import org.signal.core.util.delete
import org.signal.core.util.exists
import org.signal.core.util.logging.Log import org.signal.core.util.logging.Log
import org.signal.core.util.or import org.signal.core.util.or
import org.signal.core.util.readToList import org.signal.core.util.readToList
@ -1078,7 +1079,11 @@ class ThreadTable(context: Context, databaseHelper: SignalDatabase) : DatabaseTa
Log.i(TAG, "Using remapped threadId: " + candidateId + " -> " + remapped.get()) Log.i(TAG, "Using remapped threadId: " + candidateId + " -> " + remapped.get())
remapped.get() remapped.get()
} else { } else {
if (areThreadIdAndRecipientAssociated(candidateId, recipient)) {
candidateId candidateId
} else {
throw IllegalArgumentException()
}
} }
} else { } else {
getOrCreateThreadIdFor(recipient, distributionType) getOrCreateThreadIdFor(recipient, distributionType)
@ -1094,6 +1099,13 @@ class ThreadTable(context: Context, databaseHelper: SignalDatabase) : DatabaseTa
return threadId ?: createThreadForRecipient(recipient.id, recipient.isGroup, distributionType) return threadId ?: createThreadForRecipient(recipient.id, recipient.isGroup, distributionType)
} }
fun areThreadIdAndRecipientAssociated(threadId: Long, recipient: Recipient): Boolean {
return readableDatabase
.exists(TABLE_NAME)
.where("$ID = ? AND $RECIPIENT_ID = ?", threadId, recipient.id)
.run()
}
fun getThreadIdFor(recipientId: RecipientId): Long? { fun getThreadIdFor(recipientId: RecipientId): Long? {
return readableDatabase return readableDatabase
.select(ID) .select(ID)

17
app/src/main/java/org/thoughtcrime/securesms/jobs/IndividualSendJob.java
View file

@ -84,18 +84,25 @@ public class IndividualSendJob extends PushSendJob {
this.messageId = messageId; this.messageId = messageId;
} }
@WorkerThread public static Job create(long messageId, @NonNull Recipient recipient, boolean hasMedia) {
public static void enqueue(@NonNull Context context, @NonNull JobManager jobManager, long messageId, @NonNull Recipient recipient) {
try {
if (!recipient.hasServiceId()) { if (!recipient.hasServiceId()) {
throw new AssertionError("No ServiceId!"); throw new AssertionError("No ServiceId!");
} }
if (recipient.isGroup()) {
throw new AssertionError("This job does not send group messages!");
}
return new IndividualSendJob(messageId, recipient, hasMedia);
}
@WorkerThread
public static void enqueue(@NonNull Context context, @NonNull JobManager jobManager, long messageId, @NonNull Recipient recipient) {
try {
OutgoingMessage message = SignalDatabase.messages().getOutgoingMessage(messageId); OutgoingMessage message = SignalDatabase.messages().getOutgoingMessage(messageId);
Set<String> attachmentUploadIds = enqueueCompressingAndUploadAttachmentsChains(jobManager, message); Set<String> attachmentUploadIds = enqueueCompressingAndUploadAttachmentsChains(jobManager, message);
jobManager.add(new IndividualSendJob(messageId, recipient, attachmentUploadIds.size() > 0), attachmentUploadIds, recipient.getId().toQueueKey()); jobManager.add(IndividualSendJob.create(messageId, recipient, attachmentUploadIds.size() > 0), attachmentUploadIds, recipient.getId().toQueueKey());
} catch (NoSuchMessageException | MmsException e) { } catch (NoSuchMessageException | MmsException e) {
Log.w(TAG, "Failed to enqueue message.", e); Log.w(TAG, "Failed to enqueue message.", e);
SignalDatabase.messages().markAsSentFailed(messageId); SignalDatabase.messages().markAsSentFailed(messageId);

30
app/src/main/java/org/thoughtcrime/securesms/sms/MessageSender.java
View file

@ -264,15 +264,8 @@ public class MessageSender {
MessageTable mmsDatabase = SignalDatabase.messages(); MessageTable mmsDatabase = SignalDatabase.messages();
AttachmentTable attachmentDatabase = SignalDatabase.attachments(); AttachmentTable attachmentDatabase = SignalDatabase.attachments();
long allocatedThreadId;
if (threadId == -1) {
allocatedThreadId = threadTable.getOrCreateThreadIdFor(message.getRecipient(), message.getDistributionType());
} else {
allocatedThreadId = threadId;
}
Recipient recipient = message.getRecipient(); Recipient recipient = message.getRecipient();
long allocatedThreadId = threadTable.getOrCreateValidThreadId(message.getRecipient(), threadId);
long messageId = mmsDatabase.insertMessageOutbox(applyUniversalExpireTimerIfNecessary(context, recipient, message, allocatedThreadId), long messageId = mmsDatabase.insertMessageOutbox(applyUniversalExpireTimerIfNecessary(context, recipient, message, allocatedThreadId),
allocatedThreadId, allocatedThreadId,
false, false,
@ -406,7 +399,7 @@ public class MessageSender {
} else if (recipient.isDistributionList()) { } else if (recipient.isDistributionList()) {
jobManager.add(new PushDistributionListSendJob(messageId, recipient.getId(), true, Collections.emptySet()), messageDependsOnIds, recipient.getId().toQueueKey()); jobManager.add(new PushDistributionListSendJob(messageId, recipient.getId(), true, Collections.emptySet()), messageDependsOnIds, recipient.getId().toQueueKey());
} else { } else {
jobManager.add(new IndividualSendJob(messageId, recipient, true), messageDependsOnIds, recipient.getId().toQueueKey()); jobManager.add(IndividualSendJob.create(messageId, recipient, true), messageDependsOnIds, recipient.getId().toQueueKey());
} }
} }
} }
@ -532,7 +525,7 @@ public class MessageSender {
JobManager jobManager = ApplicationDependencies.getJobManager(); JobManager jobManager = ApplicationDependencies.getJobManager();
if (uploadJobIds.size() > 0) { if (uploadJobIds.size() > 0) {
Job mediaSend = new IndividualSendJob(messageId, recipient, true); Job mediaSend = IndividualSendJob.create(messageId, recipient, true);
jobManager.add(mediaSend, uploadJobIds); jobManager.add(mediaSend, uploadJobIds);
} else { } else {
IndividualSendJob.enqueue(context, jobManager, messageId, recipient); IndividualSendJob.enqueue(context, jobManager, messageId, recipient);
@ -561,28 +554,11 @@ public class MessageSender {
} }
} }
private static void sendSms(Recipient recipient, long messageId) {
JobManager jobManager = ApplicationDependencies.getJobManager();
jobManager.add(new SmsSendJob(messageId, recipient));
}
private static void sendMms(Context context, long messageId) { private static void sendMms(Context context, long messageId) {
JobManager jobManager = ApplicationDependencies.getJobManager(); JobManager jobManager = ApplicationDependencies.getJobManager();
MmsSendJob.enqueue(context, jobManager, messageId); MmsSendJob.enqueue(context, jobManager, messageId);
} }
private static boolean isPushTextSend(Context context, Recipient recipient, boolean keyExchange) {
if (!SignalStore.account().isRegistered()) {
return false;
}
if (keyExchange) {
return false;
}
return isPushDestination(context, recipient);
}
private static boolean isPushMediaSend(Context context, Recipient recipient) { private static boolean isPushMediaSend(Context context, Recipient recipient) {
if (!SignalStore.account().isRegistered()) { if (!SignalStore.account().isRegistered()) {
return false; return false;