From 9c0c25ef994d5eded8edc3dec5a8aac0d8959e85 Mon Sep 17 00:00:00 2001
From: Nicholas Tinsley
Date: Tue, 13 Jun 2023 12:18:34 -0400
Subject: [PATCH] Detect URL patterns that will crash OkHttp. Addresses #12998.
---
 .../main/java/org/thoughtcrime/securesms/util/LinkUtil.kt | 5 +++++
 .../securesms/util/LinkUtilTest_isValidPreviewUrl.kt | 2 ++
 2 files changed, 7 insertions(+)
diff --git a/app/src/main/java/org/thoughtcrime/securesms/util/LinkUtil.kt b/app/src/main/java/org/thoughtcrime/securesms/util/LinkUtil.kt
index 4d45cfd18d..a1a4526a32 100644
--- a/app/src/main/java/org/thoughtcrime/securesms/util/LinkUtil.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/util/LinkUtil.kt
@@ -13,6 +13,7 @@ object LinkUtil {
 private val ALL_ASCII_PATTERN = Pattern.compile("^[\\x00-\\x7F]*$")
 private val ALL_NON_ASCII_PATTERN = Pattern.compile("^[^\\x00-\\x7F]*$")
 private val ILLEGAL_CHARACTERS_PATTERN = Pattern.compile("[\u202C\u202D\u202E\u2500-\u25FF]")
+ private val ILLEGAL_PERIODS_PATTERN = Pattern.compile("(\\.{2,}|…)")
 private val INVALID_DOMAINS = listOf("example", "example\\.com", "example\\.net", "example\\.org", "i2p", "invalid", "localhost", "onion", "test")
 private val INVALID_DOMAINS_REGEX: Regex = Regex("^(.+\\.)?(${INVALID_DOMAINS.joinToString("|")})\\.?\$")
@@ -66,6 +67,10 @@ object LinkUtil {
 return LegalCharactersResult(false)
 }
+ if (ILLEGAL_PERIODS_PATTERN.matcher(url).find()) {
+ return LegalCharactersResult(false)
+ }
+
 val matcher = DOMAIN_PATTERN.matcher(url)
 if (!matcher.matches()) {
 return LegalCharactersResult(false)
diff --git a/app/src/test/java/org/thoughtcrime/securesms/util/LinkUtilTest_isValidPreviewUrl.kt b/app/src/test/java/org/thoughtcrime/securesms/util/LinkUtilTest_isValidPreviewUrl.kt
index 06eb7d5754..2440d0983d 100644
--- a/app/src/test/java/org/thoughtcrime/securesms/util/LinkUtilTest_isValidPreviewUrl.kt
+++ b/app/src/test/java/org/thoughtcrime/securesms/util/LinkUtilTest_isValidPreviewUrl.kt
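Review bot: The new `ILLEGAL_PERIODS_PATTERN` constant in the first LinkUtil.kt hunk has no comment saying why repeated dots are rejected, and it embeds a literal `…` where the neighbouring `ILLEGAL_CHARACTERS_PATTERN` writes its code points as `\u` escapes. I would put `// Two or more consecutive dots, or U+2026, crash OkHttp (see #12998)` above it and write the pattern as `Pattern.compile("\\.{2,}|\u2026")`. The capturing group can go because the check added further down only calls `find()`, and the escape keeps the ellipsis distinguishable from three ASCII dots in editors and diffs.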
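Review bot: The added check in the second LinkUtil.kt hunk runs `ILLEGAL_PERIODS_PATTERN` against the whole `url`, ahead of the `DOMAIN_PATTERN` match, so a link with `..` or `…` anywhere in its path or query is now rejected as well. If the OkHttp crash in #12998 is specific to the host, which the page does not show, the check could move below the `matcher.matches()` test and be applied only to the domain that match captures. As written the check fails closed, which is the safe direction, but it is a deny-list of two spellings; handling the failure where the URL is handed to OkHttp would also cover inputs this pattern does not list. The enclosing function starts and ends outside the hunk.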
@@ -38,6 +38,8 @@ class LinkUtilTest_isValidPreviewUrl(private val input: String, private val outp
 arrayOf("кц.рф\u25AA", false),
 arrayOf("кц.рф\u25FF", false),
 arrayOf("", false),
+ arrayOf("https://…", false),
+ arrayOf("https://...", false),
 arrayOf("https://cool.example", false),
 arrayOf("https://cool.example.com", false),
 arrayOf("https://cool.example.net", false),
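Review bot: Both added cases have nothing but dots after the scheme, so they do not pin what happens when the dots sit inside an otherwise ordinary URL. I would add a host case and a path case, for example `arrayOf("https://signal..org", false)` and `arrayOf("https://signal.org/a..b", false)` (constructed values). The expected result of the second should follow whatever scope the check is meant to have, since the current pattern rejects it. The parameter list continues outside the hunk.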