Improve handling of badly-serialized data.

h/t @i-infra
2026-04-26 19:56:02 +01:00 · 2021-10-02 15:57:07 -04:00
parent eb8de536e0
commit ed8538547f
3 changed files with 55 additions and 41 deletions
--- a/app/src/main/java/org/thoughtcrime/securesms/messages/MessageContentProcessor.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/messages/MessageContentProcessor.java
@@ -10,6 +10,7 @@ import androidx.annotation.Nullable;

 import com.annimon.stream.Collectors;
 import com.annimon.stream.Stream;
+import com.mobilecoin.lib.exceptions.SerializationException;

 import org.signal.core.util.logging.Log;
 import org.signal.ringrtc.CallId;
@@ -309,7 +310,7 @@ public final class MessageContentProcessor {
        else if (syncMessage.getBlockedList().isPresent())            handleSynchronizeBlockedListMessage(syncMessage.getBlockedList().get());
        else if (syncMessage.getFetchType().isPresent())              handleSynchronizeFetchMessage(syncMessage.getFetchType().get());
        else if (syncMessage.getMessageRequestResponse().isPresent()) handleSynchronizeMessageRequestResponse(syncMessage.getMessageRequestResponse().get());
-        else if (syncMessage.getOutgoingPaymentMessage().isPresent()) handleSynchronizeOutgoingPayment(syncMessage.getOutgoingPaymentMessage().get());
+        else if (syncMessage.getOutgoingPaymentMessage().isPresent()) handleSynchronizeOutgoingPayment(content, syncMessage.getOutgoingPaymentMessage().get());
        else                                                          warn(String.valueOf(content.getTimestamp()), "Contains no known sync types...");
      } else if (content.getCallMessage().isPresent()) {
        log(String.valueOf(content.getTimestamp()), "Got call message...");
@@ -410,6 +411,8 @@ public final class MessageContentProcessor {
    } catch (PaymentDatabase.PublicKeyConflictException e) {
      warn(content.getTimestamp(), "Ignoring payment with public key already in database");
      return;
+    } catch (SerializationException e) {
+      warn(content.getTimestamp(), "Ignoring payment with bad data.", e);
    }

    ApplicationDependencies.getJobManager()
@@ -1016,7 +1019,7 @@ public final class MessageContentProcessor {
    }
  }

-  private void handleSynchronizeOutgoingPayment(@NonNull OutgoingPaymentMessage outgoingPaymentMessage) {
+  private void handleSynchronizeOutgoingPayment(@NonNull SignalServiceContent content, @NonNull OutgoingPaymentMessage outgoingPaymentMessage) {
    RecipientId recipientId = outgoingPaymentMessage.getRecipient()
                                                    .transform(uuid -> RecipientId.from(uuid, null))
                                                    .orNull();
@@ -1027,23 +1030,27 @@ public final class MessageContentProcessor {

    Optional<MobileCoinPublicAddress> address = outgoingPaymentMessage.getAddress().transform(MobileCoinPublicAddress::fromBytes);
    if (!address.isPresent() && recipientId == null) {
-      log("Inserting defrag");
+      log(content.getTimestamp(), "Inserting defrag");
      address     = Optional.of(ApplicationDependencies.getPayments().getWallet().getMobileCoinPublicAddress());
      recipientId = Recipient.self().getId();
    }

    UUID uuid = UUID.randomUUID();
-    DatabaseFactory.getPaymentDatabase(context)
-                   .createSuccessfulPayment(uuid,
-                                            recipientId,
-                                            address.get(),
-                                            timestamp,
-                                            outgoingPaymentMessage.getBlockIndex(),
-                                            outgoingPaymentMessage.getNote().or(""),
-                                            outgoingPaymentMessage.getAmount(),
-                                            outgoingPaymentMessage.getFee(),
-                                            outgoingPaymentMessage.getReceipt().toByteArray(),
-                                            PaymentMetaDataUtil.fromKeysAndImages(outgoingPaymentMessage.getPublicKeys(), outgoingPaymentMessage.getKeyImages()));
+    try {
+      DatabaseFactory.getPaymentDatabase(context)
+                     .createSuccessfulPayment(uuid,
+                                              recipientId,
+                                              address.get(),
+                                              timestamp,
+                                              outgoingPaymentMessage.getBlockIndex(),
+                                              outgoingPaymentMessage.getNote().or(""),
+                                              outgoingPaymentMessage.getAmount(),
+                                              outgoingPaymentMessage.getFee(),
+                                              outgoingPaymentMessage.getReceipt().toByteArray(),
+                                              PaymentMetaDataUtil.fromKeysAndImages(outgoingPaymentMessage.getPublicKeys(), outgoingPaymentMessage.getKeyImages()));
+   } catch (SerializationException e) {
+      warn(content.getTimestamp(), "Ignoring synchronized outgoing payment with bad data.", e);
+    }

    log("Inserted synchronized payment " + uuid);
  }
@@ -2254,6 +2261,10 @@ public final class MessageContentProcessor {
    warn(String.valueOf(timestamp), message);
  }

+  protected void warn(long timestamp, @NonNull String message, @Nullable Throwable t) {
+    warn(String.valueOf(timestamp), message, t);
+  }
+
  protected void warn(@NonNull String message, @Nullable Throwable t) {
    warn("", message, t);
  }