Guard against malformed group ids.

2026-04-22 18:00:02 +01:00 · 2020-04-20 12:01:31 -03:00
parent 00ee6d0bbd
commit 9a8094cb8a
21 changed files with 200 additions and 94 deletions
--- a/app/src/main/java/org/thoughtcrime/securesms/database/GroupDatabase.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/database/GroupDatabase.java
@@ -25,7 +25,6 @@ import org.thoughtcrime.securesms.groups.GroupId;
 import org.thoughtcrime.securesms.logging.Log;
 import org.thoughtcrime.securesms.recipients.Recipient;
 import org.thoughtcrime.securesms.recipients.RecipientId;
-import org.thoughtcrime.securesms.util.Util;
 import org.whispersystems.libsignal.util.guava.Optional;
 import org.whispersystems.signalservice.api.groupsv2.DecryptedGroupUtil;
 import org.whispersystems.signalservice.api.messages.SignalServiceAttachmentPointer;
@@ -186,7 +185,7 @@ public final class GroupDatabase extends Database {
                                                               null, null, null);
    try {
      if (cursor != null && cursor.moveToNext()) {
-        return GroupId.parse(cursor.getString(cursor.getColumnIndexOrThrow(GROUP_ID)))
+        return GroupId.parseOrThrow(cursor.getString(cursor.getColumnIndexOrThrow(GROUP_ID)))
                      .requireMms();
      } else {
        GroupId.Mms groupId = GroupId.createMms(new SecureRandom());
@@ -519,7 +518,7 @@ public final class GroupDatabase extends Database {
        return null;
      }

-      return new GroupRecord(GroupId.parse(cursor.getString(cursor.getColumnIndexOrThrow(GROUP_ID))),
+      return new GroupRecord(GroupId.parseOrThrow(cursor.getString(cursor.getColumnIndexOrThrow(GROUP_ID))),
                             RecipientId.from(cursor.getLong(cursor.getColumnIndexOrThrow(RECIPIENT_ID))),
                             cursor.getString(cursor.getColumnIndexOrThrow(TITLE)),
                             cursor.getString(cursor.getColumnIndexOrThrow(MEMBERS)),
--- a/app/src/main/java/org/thoughtcrime/securesms/database/RecipientDatabase.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/database/RecipientDatabase.java
@@ -561,7 +561,7 @@ public class RecipientDatabase extends Database {
      for (SignalGroupV1Record insert : groupV1Inserts) {
        db.insertOrThrow(TABLE_NAME, null, getValuesForStorageGroupV1(insert));

-        Recipient recipient = Recipient.externalGroup(context, GroupId.v1(insert.getGroupId()));
+        Recipient recipient = Recipient.externalGroup(context, GroupId.v1orThrow(insert.getGroupId()));

        threadDatabase.setArchived(recipient.getId(), insert.isArchived());
        recipient.live().refresh();
@@ -575,7 +575,7 @@ public class RecipientDatabase extends Database {
          throw new AssertionError("Had an update, but it didn't match any rows!");
        }

-        Recipient recipient = Recipient.externalGroup(context, GroupId.v1(update.getOld().getGroupId()));
+        Recipient recipient = Recipient.externalGroup(context, GroupId.v1orThrow(update.getOld().getGroupId()));

        threadDatabase.setArchived(recipient.getId(), update.getNew().isArchived());
        recipient.live().refresh();
@@ -670,7 +670,7 @@ public class RecipientDatabase extends Database {

  private static @NonNull ContentValues getValuesForStorageGroupV1(@NonNull SignalGroupV1Record groupV1) {
    ContentValues values = new ContentValues();
-    values.put(GROUP_ID, GroupId.v1(groupV1.getGroupId()).toString());
+    values.put(GROUP_ID, GroupId.v1orThrow(groupV1.getGroupId()).toString());
    values.put(GROUP_TYPE, GroupType.SIGNAL_V1.getId());
    values.put(PROFILE_SHARING, groupV1.isProfileSharingEnabled() ? "1" : "0");
    values.put(BLOCKED, groupV1.isBlocked() ? "1" : "0");
@@ -733,7 +733,7 @@ public class RecipientDatabase extends Database {
    String  username                   = cursor.getString(cursor.getColumnIndexOrThrow(USERNAME));
    String  e164                       = cursor.getString(cursor.getColumnIndexOrThrow(PHONE));
    String  email                      = cursor.getString(cursor.getColumnIndexOrThrow(EMAIL));
-    GroupId groupId                    = GroupId.parseNullable(cursor.getString(cursor.getColumnIndexOrThrow(GROUP_ID)));
+    GroupId groupId                    = GroupId.parseNullableOrThrow(cursor.getString(cursor.getColumnIndexOrThrow(GROUP_ID)));
    int     groupType                  = cursor.getInt(cursor.getColumnIndexOrThrow(GROUP_TYPE));
    boolean blocked                    = cursor.getInt(cursor.getColumnIndexOrThrow(BLOCKED))                == 1;
    String  messageRingtone            = cursor.getString(cursor.getColumnIndexOrThrow(MESSAGE_RINGTONE));
@@ -1406,7 +1406,7 @@ public class RecipientDatabase extends Database {
        db.update(TABLE_NAME, setBlocked, UUID + " = ?", new String[] { uuid });
      }

-      List<GroupId.V1> groupIdStrings = Stream.of(groupIds).map(GroupId::v1).toList();
+      List<GroupId.V1> groupIdStrings = Stream.of(groupIds).map(GroupId::v1orThrow).toList();

      for (GroupId.V1 groupId : groupIdStrings) {
        db.update(TABLE_NAME, setBlocked, GROUP_ID + " = ?", new String[] { groupId.toString() });