Truncate all messages to valid length before sending.
@@ -11,6 +11,7 @@ import org.briarproject.api.sync.GroupId;
|
||||
import org.briarproject.api.sync.Message;
|
||||
import org.briarproject.api.sync.MessageId;
|
||||
import org.briarproject.api.system.Clock;
|
||||
import org.briarproject.util.StringUtils;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.jetbrains.annotations.Nullable;
|
||||
|
||||
@@ -18,6 +19,7 @@ import java.security.GeneralSecurityException;
|
||||
|
||||
import javax.inject.Inject;
|
||||
|
||||
import static org.briarproject.api.blogs.BlogConstants.MAX_BLOG_COMMENT_LENGTH;
|
||||
import static org.briarproject.api.blogs.BlogConstants.MAX_BLOG_POST_BODY_LENGTH;
|
||||
import static org.briarproject.api.blogs.MessageType.COMMENT;
|
||||
import static org.briarproject.api.blogs.MessageType.POST;
|
||||
@@ -42,7 +44,8 @@ class BlogPostFactoryImpl implements BlogPostFactory {
|
||||
throws FormatException, GeneralSecurityException {
|
||||
|
||||
// Validate the arguments
|
||||
if (body.length() > MAX_BLOG_POST_BODY_LENGTH)
|
||||
int bodyLength = StringUtils.toUtf8(body).length;
|
||||
if (bodyLength > MAX_BLOG_POST_BODY_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
|
||||
// Serialise the data to be signed
|
||||
@@ -62,6 +65,13 @@ class BlogPostFactoryImpl implements BlogPostFactory {
|
||||
@Nullable String comment, MessageId pOriginalId, MessageId parentId)
|
||||
throws FormatException, GeneralSecurityException {
|
||||
|
||||
if (comment != null) {
|
||||
int commentLength = StringUtils.toUtf8(comment).length;
|
||||
if (commentLength == 0) throw new IllegalArgumentException();
|
||||
if (commentLength > MAX_BLOG_COMMENT_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
}
|
||||
|
||||
long timestamp = clock.currentTimeMillis();
|
||||
|
||||
// Generate the signature
|
||||
|
||||
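Review bot: The new length checks throw a bare `IllegalArgumentException()` with no message, so a caller that forgot to truncate gets an unchecked exception that does not say which limit was exceeded. The post-body check could read `throw new IllegalArgumentException("Blog post body exceeds MAX_BLOG_POST_BODY_LENGTH UTF-8 bytes");`, and the two throws in the comment check likewise; the same pattern appears in the IntroducerManager and SharingManagerImpl hunks. Because these are runtime exceptions, every caller has to truncate first (for instance with `StringUtils.truncateUtf8`). Only FeedManagerImpl's use of it is visible on this page, so the other call sites are worth checking. Both method bodies continue outside the hunks.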
@@ -40,6 +40,7 @@ import static org.briarproject.api.blogs.BlogConstants.KEY_READ;
|
||||
import static org.briarproject.api.blogs.BlogConstants.KEY_TIMESTAMP;
|
||||
import static org.briarproject.api.blogs.BlogConstants.KEY_TIME_RECEIVED;
|
||||
import static org.briarproject.api.blogs.BlogConstants.KEY_TYPE;
|
||||
import static org.briarproject.api.blogs.BlogConstants.MAX_BLOG_COMMENT_LENGTH;
|
||||
import static org.briarproject.api.blogs.BlogConstants.MAX_BLOG_POST_BODY_LENGTH;
|
||||
import static org.briarproject.api.blogs.MessageType.COMMENT;
|
||||
import static org.briarproject.api.blogs.MessageType.POST;
|
||||
@@ -125,7 +126,7 @@ class BlogPostValidator extends BdfMessageValidator {
|
||||
|
||||
// Comment
|
||||
String comment = body.getOptionalString(0);
|
||||
checkLength(comment, 1, MAX_BLOG_POST_BODY_LENGTH);
|
||||
checkLength(comment, 1, MAX_BLOG_COMMENT_LENGTH);
|
||||
|
||||
// parent_original_id
|
||||
// The ID of a post or comment in this group or another group
|
||||
@@ -216,7 +217,7 @@ class BlogPostValidator extends BdfMessageValidator {
|
||||
|
||||
// Body of Wrapped Comment
|
||||
String comment = body.getOptionalString(2);
|
||||
checkLength(comment, 1, MAX_BLOG_POST_BODY_LENGTH);
|
||||
checkLength(comment, 1, MAX_BLOG_COMMENT_LENGTH);
|
||||
|
||||
// c_parent_original_id
|
||||
// Taken from the original comment
|
||||
|
||||
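Review bot: Changing the receive-side limit for comments from MAX_BLOG_POST_BODY_LENGTH to MAX_BLOG_COMMENT_LENGTH, here and in the wrapped-comment hunk, makes the validator reject comments that earlier senders could produce, assuming the comment limit is the smaller of the two. The sender-side comment check in BlogPostFactoryImpl is itself added by this commit, so nothing visible stopped older clients from sending comments between the two limits; upgraded peers would now fail to validate them. The same applies to the new limits in IntroductionValidator, BlogSharingValidator and ForumSharingValidator. If that is intended, a comment such as `// Comments longer than MAX_BLOG_COMMENT_LENGTH from older clients are rejected` would record it. It is also worth confirming that checkLength, defined outside this page, counts UTF-8 bytes as the factory does.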
@@ -484,10 +484,7 @@ class FeedManagerImpl implements FeedManager, Client, EventListener {
|
||||
|
||||
private String getPostBody(String text) {
|
||||
text = clean(text, article);
|
||||
byte[] textBytes = StringUtils.toUtf8(text);
|
||||
if (textBytes.length <= MAX_BLOG_POST_BODY_LENGTH)
|
||||
return text;
|
||||
return StringUtils.fromUtf8(textBytes, 0, MAX_BLOG_POST_BODY_LENGTH);
|
||||
return StringUtils.truncateUtf8(text, MAX_BLOG_POST_BODY_LENGTH);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
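Review bot: Truncation in getPostBody runs after `clean(text, article)`, so the byte cut can land in the middle of whatever clean() produced. If clean() emits markup, which the page does not show, the truncated body may end in an unclosed tag or a split entity, and anything that renders it should not assume the stored body is well-formed. A one-line comment above the return, e.g. `// May cut inside markup; renderers must tolerate a truncated body`, would make that explicit.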
@@ -31,6 +31,7 @@ import static org.briarproject.api.introduction.IntroductionConstants.CONTACT_ID
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.CONTACT_ID_2;
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.GROUP_ID_1;
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.GROUP_ID_2;
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.MAX_INTRODUCTION_MESSAGE_LENGTH;
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.MESSAGE_TIME;
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.MSG;
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.PUBLIC_KEY1;
|
||||
@@ -103,7 +104,7 @@ class IntroducerManager {
|
||||
return d;
|
||||
}
|
||||
|
||||
public void makeIntroduction(Transaction txn, Contact c1, Contact c2,
|
||||
void makeIntroduction(Transaction txn, Contact c1, Contact c2,
|
||||
String msg, long timestamp) throws DbException, FormatException {
|
||||
|
||||
// TODO check for existing session with those contacts?
|
||||
@@ -116,6 +117,9 @@ class IntroducerManager {
|
||||
BdfDictionary localAction = new BdfDictionary();
|
||||
localAction.put(TYPE, TYPE_REQUEST);
|
||||
if (!StringUtils.isNullOrEmpty(msg)) {
|
||||
int msgLength = StringUtils.toUtf8(msg).length;
|
||||
if (msgLength > MAX_INTRODUCTION_MESSAGE_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
localAction.put(MSG, msg);
|
||||
}
|
||||
localAction.put(PUBLIC_KEY1, c1.getAuthor().getPublicKey());
|
||||
|
||||
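Review bot: The length check in makeIntroduction sits after localAction has started being filled, and the method takes a Transaction, so an oversized msg is rejected part-way through the work. Whether anything has been written by that point is not visible, because the lines between the signature hunk and this one are outside the diff. Moving the check to the top of the method, before the TODO, keeps argument validation ahead of any side effects: `if (msg != null && StringUtils.toUtf8(msg).length > MAX_INTRODUCTION_MESSAGE_LENGTH) throw new IllegalArgumentException();`.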
@@ -21,6 +21,7 @@ import static org.briarproject.api.introduction.IntroductionConstants.E_PUBLIC_K
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.GROUP_ID;
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.MAC;
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.MAC_LENGTH;
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.MAX_INTRODUCTION_MESSAGE_LENGTH;
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.MESSAGE_ID;
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.MESSAGE_TIME;
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.MSG;
|
||||
@@ -37,7 +38,6 @@ import static org.briarproject.api.introduction.IntroductionConstants.TYPE_REQUE
|
||||
import static org.briarproject.api.introduction.IntroductionConstants.TYPE_RESPONSE;
|
||||
import static org.briarproject.api.properties.TransportPropertyConstants.MAX_PROPERTIES_PER_TRANSPORT;
|
||||
import static org.briarproject.api.properties.TransportPropertyConstants.MAX_PROPERTY_LENGTH;
|
||||
import static org.briarproject.api.sync.SyncConstants.MAX_MESSAGE_BODY_LENGTH;
|
||||
|
||||
class IntroductionValidator extends BdfMessageValidator {
|
||||
|
||||
@@ -92,7 +92,7 @@ class IntroductionValidator extends BdfMessageValidator {
|
||||
String msg = null;
|
||||
if (message.size() == 5) {
|
||||
msg = message.getString(4);
|
||||
checkLength(msg, 0, MAX_MESSAGE_BODY_LENGTH);
|
||||
checkLength(msg, 0, MAX_INTRODUCTION_MESSAGE_LENGTH);
|
||||
}
|
||||
|
||||
// Return the metadata
|
||||
|
||||
@@ -204,6 +204,7 @@ class BlogSharingManagerImpl extends
|
||||
.createBlog(msg.getBlogTitle(), msg.getBlogDesc(), author);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Blog parse(BlogInviteeSessionState state) {
|
||||
Author author = authorFactory
|
||||
.createAuthor(state.getBlogAuthorName(),
|
||||
|
||||
@@ -16,14 +16,15 @@ import javax.inject.Inject;
|
||||
|
||||
import static org.briarproject.api.blogs.BlogConstants.BLOG_AUTHOR_NAME;
|
||||
import static org.briarproject.api.blogs.BlogConstants.BLOG_DESC;
|
||||
import static org.briarproject.api.blogs.BlogConstants.BLOG_TITLE;
|
||||
import static org.briarproject.api.blogs.BlogConstants.BLOG_PUBLIC_KEY;
|
||||
import static org.briarproject.api.blogs.BlogConstants.BLOG_TITLE;
|
||||
import static org.briarproject.api.blogs.BlogConstants.MAX_BLOG_DESC_LENGTH;
|
||||
import static org.briarproject.api.blogs.BlogConstants.MAX_BLOG_TITLE_LENGTH;
|
||||
import static org.briarproject.api.identity.AuthorConstants.MAX_AUTHOR_NAME_LENGTH;
|
||||
import static org.briarproject.api.identity.AuthorConstants.MAX_PUBLIC_KEY_LENGTH;
|
||||
import static org.briarproject.api.sharing.SharingConstants.INVITATION_MSG;
|
||||
import static org.briarproject.api.sharing.SharingConstants.LOCAL;
|
||||
import static org.briarproject.api.sharing.SharingConstants.MAX_INVITATION_MESSAGE_LENGTH;
|
||||
import static org.briarproject.api.sharing.SharingConstants.SESSION_ID;
|
||||
import static org.briarproject.api.sharing.SharingConstants.SHARE_MSG_TYPE_ABORT;
|
||||
import static org.briarproject.api.sharing.SharingConstants.SHARE_MSG_TYPE_ACCEPT;
|
||||
@@ -32,7 +33,6 @@ import static org.briarproject.api.sharing.SharingConstants.SHARE_MSG_TYPE_INVIT
|
||||
import static org.briarproject.api.sharing.SharingConstants.SHARE_MSG_TYPE_LEAVE;
|
||||
import static org.briarproject.api.sharing.SharingConstants.TIME;
|
||||
import static org.briarproject.api.sharing.SharingConstants.TYPE;
|
||||
import static org.briarproject.api.sync.SyncConstants.MAX_MESSAGE_BODY_LENGTH;
|
||||
|
||||
class BlogSharingValidator extends BdfMessageValidator {
|
||||
|
||||
@@ -76,7 +76,7 @@ class BlogSharingValidator extends BdfMessageValidator {
|
||||
|
||||
if (body.size() > 5) {
|
||||
String msg = body.getString(5);
|
||||
checkLength(msg, 0, MAX_MESSAGE_BODY_LENGTH);
|
||||
checkLength(msg, 0, MAX_INVITATION_MESSAGE_LENGTH);
|
||||
d.put(INVITATION_MSG, msg);
|
||||
}
|
||||
} else {
|
||||
|
||||
@@ -167,6 +167,7 @@ class ForumSharingManagerImpl extends
|
||||
.createForum(msg.getForumName(), msg.getForumSalt());
|
||||
}
|
||||
|
||||
@Override
|
||||
public Forum parse(ForumInviteeSessionState state) {
|
||||
return forumFactory
|
||||
.createForum(state.getForumName(), state.getForumSalt());
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
package org.briarproject.sharing;
|
||||
|
||||
import org.briarproject.api.FormatException;
|
||||
import org.briarproject.api.clients.BdfMessageContext;
|
||||
import org.briarproject.api.clients.ClientHelper;
|
||||
import org.briarproject.api.clients.SessionId;
|
||||
import org.briarproject.api.clients.BdfMessageContext;
|
||||
import org.briarproject.api.data.BdfDictionary;
|
||||
import org.briarproject.api.data.BdfList;
|
||||
import org.briarproject.api.data.MetadataEncoder;
|
||||
@@ -20,6 +20,7 @@ import static org.briarproject.api.forum.ForumConstants.FORUM_SALT_LENGTH;
|
||||
import static org.briarproject.api.forum.ForumConstants.MAX_FORUM_NAME_LENGTH;
|
||||
import static org.briarproject.api.sharing.SharingConstants.INVITATION_MSG;
|
||||
import static org.briarproject.api.sharing.SharingConstants.LOCAL;
|
||||
import static org.briarproject.api.sharing.SharingConstants.MAX_INVITATION_MESSAGE_LENGTH;
|
||||
import static org.briarproject.api.sharing.SharingConstants.SESSION_ID;
|
||||
import static org.briarproject.api.sharing.SharingConstants.SHARE_MSG_TYPE_ABORT;
|
||||
import static org.briarproject.api.sharing.SharingConstants.SHARE_MSG_TYPE_ACCEPT;
|
||||
@@ -28,7 +29,6 @@ import static org.briarproject.api.sharing.SharingConstants.SHARE_MSG_TYPE_INVIT
|
||||
import static org.briarproject.api.sharing.SharingConstants.SHARE_MSG_TYPE_LEAVE;
|
||||
import static org.briarproject.api.sharing.SharingConstants.TIME;
|
||||
import static org.briarproject.api.sharing.SharingConstants.TYPE;
|
||||
import static org.briarproject.api.sync.SyncConstants.MAX_MESSAGE_BODY_LENGTH;
|
||||
|
||||
class ForumSharingValidator extends BdfMessageValidator {
|
||||
|
||||
@@ -61,7 +61,7 @@ class ForumSharingValidator extends BdfMessageValidator {
|
||||
|
||||
if (body.size() > 4) {
|
||||
String msg = body.getString(4);
|
||||
checkLength(msg, 0, MAX_MESSAGE_BODY_LENGTH);
|
||||
checkLength(msg, 0, MAX_INVITATION_MESSAGE_LENGTH);
|
||||
d.put(INVITATION_MSG, msg);
|
||||
}
|
||||
} else {
|
||||
|
||||
@@ -29,7 +29,6 @@ import org.briarproject.api.sharing.InvitationItem;
|
||||
import org.briarproject.api.sharing.InvitationMessage;
|
||||
import org.briarproject.api.sharing.Shareable;
|
||||
import org.briarproject.api.sharing.SharingManager;
|
||||
import org.briarproject.api.sync.ClientId;
|
||||
import org.briarproject.api.sync.Group;
|
||||
import org.briarproject.api.sync.GroupId;
|
||||
import org.briarproject.api.sync.Message;
|
||||
@@ -58,6 +57,7 @@ import static org.briarproject.api.clients.ProtocolEngine.StateUpdate;
|
||||
import static org.briarproject.api.sharing.SharingConstants.CONTACT_ID;
|
||||
import static org.briarproject.api.sharing.SharingConstants.IS_SHARER;
|
||||
import static org.briarproject.api.sharing.SharingConstants.LOCAL;
|
||||
import static org.briarproject.api.sharing.SharingConstants.MAX_INVITATION_MESSAGE_LENGTH;
|
||||
import static org.briarproject.api.sharing.SharingConstants.SESSION_ID;
|
||||
import static org.briarproject.api.sharing.SharingConstants.SHAREABLE_ID;
|
||||
import static org.briarproject.api.sharing.SharingConstants.SHARED_BY_US;
|
||||
@@ -115,8 +115,6 @@ abstract class SharingManagerImpl<S extends Shareable, I extends Invitation, IS
|
||||
localGroup = contactGroupFactory.createLocalGroup(getClientId());
|
||||
}
|
||||
|
||||
public abstract ClientId getClientId();
|
||||
|
||||
protected abstract InvitationMessage createInvitationRequest(MessageId id,
|
||||
I msg, ContactId contactId, boolean available, long time,
|
||||
boolean local, boolean sent, boolean seen, boolean read);
|
||||
@@ -282,6 +280,9 @@ abstract class SharingManagerImpl<S extends Shareable, I extends Invitation, IS
|
||||
|
||||
// add invitation message to local state to be available for engine
|
||||
if (!StringUtils.isNullOrEmpty(msg)) {
|
||||
int msgLength = StringUtils.toUtf8(msg).length;
|
||||
if (msgLength > MAX_INVITATION_MESSAGE_LENGTH)
|
||||
throw new IllegalArgumentException();
|
||||
localState.setMessage(msg);
|
||||
}
|
||||
|
||||
|
||||
@@ -1,10 +1,18 @@
|
||||
package org.briarproject.util;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.charset.CharacterCodingException;
|
||||
import java.nio.charset.Charset;
|
||||
import java.nio.charset.CharsetDecoder;
|
||||
import java.util.Collection;
|
||||
|
||||
import static java.nio.charset.CodingErrorAction.IGNORE;
|
||||
|
||||
public class StringUtils {
|
||||
|
||||
private static final Charset UTF_8 = Charset.forName("UTF-8");
|
||||
|
||||
private static final char[] HEX = new char[] {
|
||||
'0', '1', '2', '3', '4', '5', '6', '7',
|
||||
'8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
|
||||
@@ -32,23 +40,29 @@ public class StringUtils {
|
||||
}
|
||||
|
||||
public static String fromUtf8(byte[] bytes) {
|
||||
try {
|
||||
return new String(bytes, "UTF-8");
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
return fromUtf8(bytes, 0, bytes.length);
|
||||
}
|
||||
|
||||
public static String fromUtf8(byte[] bytes, int off, int len) {
|
||||
CharsetDecoder decoder = UTF_8.newDecoder();
|
||||
decoder.onMalformedInput(IGNORE);
|
||||
decoder.onUnmappableCharacter(IGNORE);
|
||||
ByteBuffer buffer = ByteBuffer.wrap(bytes, off, len);
|
||||
try {
|
||||
return new String(bytes, off, len, "UTF-8");
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
return decoder.decode(buffer).toString();
|
||||
} catch (CharacterCodingException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
public static String truncateUtf8(String s, int maxUtf8Length) {
|
||||
byte[] utf8 = toUtf8(s);
|
||||
if (utf8.length <= maxUtf8Length) return s;
|
||||
return fromUtf8(utf8, 0, maxUtf8Length);
|
||||
}
|
||||
|
||||
/** Converts the given byte array to a hex character array. */
|
||||
public static char[] toHexChars(byte[] bytes) {
|
||||
private static char[] toHexChars(byte[] bytes) {
|
||||
char[] hex = new char[bytes.length * 2];
|
||||
for (int i = 0, j = 0; i < bytes.length; i++) {
|
||||
hex[j++] = HEX[(bytes[i] >> 4) & 0xF];
|
||||
|
||||
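Review bot: Setting both decoder actions to IGNORE in fromUtf8(byte[], int, int) changes every decode, not only truncation: fromUtf8(byte[]) now delegates to it, so malformed bytes that `new String(bytes, "UTF-8")` used to turn into U+FFFD are silently dropped. For data received from peers this means two different byte sequences can decode to the same String, which matters wherever the decoded text is compared or shown as an identity. Dropping is only needed for the partial trailing sequence left by truncateUtf8, so the error action could be a parameter of a private helper, with REPLACE (statically imported alongside IGNORE) on the general path. truncateUtf8 also passes a negative maxUtf8Length straight to ByteBuffer.wrap, so a precondition check or a Javadoc line on the new public method would help.

```java
public static String fromUtf8(byte[] bytes, int off, int len) {
	// General decoding keeps a visible marker for malformed input
	return decode(bytes, off, len, REPLACE);
}

public static String truncateUtf8(String s, int maxUtf8Length) {
	if (maxUtf8Length < 0) throw new IllegalArgumentException();
	byte[] utf8 = toUtf8(s);
	if (utf8.length <= maxUtf8Length) return s;
	// Only the truncation path may drop a partial trailing sequence
	return decode(utf8, 0, maxUtf8Length, IGNORE);
}

private static String decode(byte[] bytes, int off, int len,
		CodingErrorAction action) {
	CharsetDecoder decoder = UTF_8.newDecoder();
	decoder.onMalformedInput(action);
	decoder.onUnmappableCharacter(action);
	try {
		return decoder.decode(ByteBuffer.wrap(bytes, off, len)).toString();
	} catch (CharacterCodingException e) {
		throw new RuntimeException(e);
	}
}
// … unchanged: toHexChars and the rest of StringUtils …
```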