From 21f1725894c4bbb7f180fd97d4405181c634bfc1 Mon Sep 17 00:00:00 2001 From: Christian Schneppe Date: Sat, 8 Oct 2016 10:34:17 +0200 Subject: be more careful parsing integers in omemo --- .../de/pixart/messenger/crypto/axolotl/XmppAxolotlMessage.java | 8 ++++++-- src/main/java/de/pixart/messenger/parser/IqParser.java | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) (limited to 'src/main') diff --git a/src/main/java/de/pixart/messenger/crypto/axolotl/XmppAxolotlMessage.java b/src/main/java/de/pixart/messenger/crypto/axolotl/XmppAxolotlMessage.java index fa37044d4..06bb011e7 100644 --- a/src/main/java/de/pixart/messenger/crypto/axolotl/XmppAxolotlMessage.java +++ b/src/main/java/de/pixart/messenger/crypto/axolotl/XmppAxolotlMessage.java @@ -91,7 +91,11 @@ public class XmppAxolotlMessage { private XmppAxolotlMessage(final Element axolotlMessage, final Jid from) throws IllegalArgumentException { this.from = from; Element header = axolotlMessage.findChild(HEADER); - this.sourceDeviceId = Integer.parseInt(header.getAttribute(SOURCEID)); + try { + this.sourceDeviceId = Integer.parseInt(header.getAttribute(SOURCEID)); + } catch (NumberFormatException e) { + throw new IllegalArgumentException("invalid source id"); + } List keyElements = header.getChildren(); this.keys = new HashMap<>(keyElements.size()); for (Element keyElement : keyElements) { @@ -102,7 +106,7 @@ public class XmppAxolotlMessage { byte[] key = Base64.decode(keyElement.getContent().trim(), Base64.DEFAULT); this.keys.put(recipientId, key); } catch (NumberFormatException e) { - throw new IllegalArgumentException(e); + throw new IllegalArgumentException("invalid remote id"); } break; case IVTAG: diff --git a/src/main/java/de/pixart/messenger/parser/IqParser.java b/src/main/java/de/pixart/messenger/parser/IqParser.java index 8e400680f..5617973d6 100644 --- a/src/main/java/de/pixart/messenger/parser/IqParser.java +++ b/src/main/java/de/pixart/messenger/parser/IqParser.java @@ -139,7 +139,11 @@ public class IqParser extends AbstractParser implements OnIqPacketReceived { if(signedPreKeyPublic == null) { return null; } - return Integer.valueOf(signedPreKeyPublic.getAttribute("signedPreKeyId")); + try { + return Integer.valueOf(signedPreKeyPublic.getAttribute("signedPreKeyId")); + } catch (NumberFormatException e) { + return null; + } } public ECPublicKey signedPreKeyPublic(final Element bundle) { @@ -255,7 +259,7 @@ public class IqParser extends AbstractParser implements OnIqPacketReceived { Integer signedPreKeyId = signedPreKeyId(bundleElement); byte[] signedPreKeySignature = signedPreKeySignature(bundleElement); IdentityKey identityKey = identityKey(bundleElement); - if(signedPreKeyPublic == null || identityKey == null) { + if(signedPreKeyId == null || signedPreKeyPublic == null || identityKey == null) { return null; } -- cgit v1.2.3