From b9fe2d9d06f4743d2399a33f5f8781f716d2adc3 Mon Sep 17 00:00:00 2001 From: septs Date: Thu, 3 Apr 2025 17:22:08 +0800 Subject: [PATCH 1/4] fix: stricted sm-dp+ address checking --- .../wizard/DownloadWizardDetailsFragment.kt | 26 ++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt b/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt index 402e7a5..4654376 100644 --- a/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt +++ b/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt @@ -1,11 +1,9 @@ package im.angry.openeuicc.ui.wizard import android.os.Bundle -import android.util.Patterns import android.view.LayoutInflater import android.view.View import android.view.ViewGroup -import android.widget.Toast import androidx.core.widget.addTextChangedListener import com.google.android.material.textfield.TextInputLayout import im.angry.openeuicc.common.R @@ -86,10 +84,32 @@ class DownloadWizardDetailsFragment : DownloadWizardActivity.DownloadWizardStepF } private fun updateInputCompleteness() { - inputComplete = Patterns.DOMAIN_NAME.matcher(smdp.editText!!.text).matches() + inputComplete = isValidAddress(smdp.editText!!.text) if (state.confirmationCodeRequired) { inputComplete = inputComplete && confirmationCode.editText!!.text.isNotEmpty() } refreshButtons() } +} + +private fun isValidAddress(input: CharSequence): Boolean { + if (!input.contains('.')) return false + var fqdn: CharSequence = input + var port: Int? = 443 + if (fqdn.contains(':')) { + val portIndex = fqdn.lastIndexOf(':') + fqdn = input.slice(0 until portIndex) + port = input.slice(portIndex + 1 until input.length).toString().toIntOrNull(radix = 10) + } + // see https://en.wikipedia.org/wiki/Port_(computer_networking) + if (port == null || (port < 0 || port > 0xffff)) return false + // see https://en.wikipedia.org/wiki/Fully_qualified_domain_name + if (fqdn.length > 255) return false + for (part in fqdn.split('.')) { + if (part.isEmpty()) return false + if (part.length > 64) return false + if (part.all { it.isLetterOrDigit() || it == '-' }) continue + return false + } + return true } \ No newline at end of file From 3fada3df56c8096e8deac5e64403531070c86ac1 Mon Sep 17 00:00:00 2001 From: septs Date: Thu, 3 Apr 2025 19:36:04 +0800 Subject: [PATCH 2/4] fix: enhance address validation --- .../wizard/DownloadWizardDetailsFragment.kt | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt b/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt index 4654376..e5e0163 100644 --- a/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt +++ b/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt @@ -94,22 +94,24 @@ class DownloadWizardDetailsFragment : DownloadWizardActivity.DownloadWizardStepF private fun isValidAddress(input: CharSequence): Boolean { if (!input.contains('.')) return false - var fqdn: CharSequence = input - var port: Int? = 443 + var fqdn = input + var port = 443 if (fqdn.contains(':')) { val portIndex = fqdn.lastIndexOf(':') - fqdn = input.slice(0 until portIndex) - port = input.slice(portIndex + 1 until input.length).toString().toIntOrNull(radix = 10) + fqdn = input.subSequence(0, portIndex) + port = input.subSequence(portIndex + 1, input.length).toString().toIntOrNull(10) ?: 0 } // see https://en.wikipedia.org/wiki/Port_(computer_networking) - if (port == null || (port < 0 || port > 0xffff)) return false + if (port < 1 || port > 0xffff) return false // see https://en.wikipedia.org/wiki/Fully_qualified_domain_name if (fqdn.length > 255) return false for (part in fqdn.split('.')) { - if (part.isEmpty()) return false - if (part.length > 64) return false - if (part.all { it.isLetterOrDigit() || it == '-' }) continue - return false + if (part.isEmpty() || part.length > 64) return false + if (part.first() == '-' || part.last() == '-') return false + for (c in part) { + if (c.isLetterOrDigit() || c == '-') continue + return false + } } return true } \ No newline at end of file From ab9671e918aefa9a980fc27a4fa11c4a23e8c76f Mon Sep 17 00:00:00 2001 From: septs Date: Thu, 3 Apr 2025 21:48:36 +0800 Subject: [PATCH 3/4] fix: enhance address validation --- .../openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt b/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt index e5e0163..db1e9ac 100644 --- a/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt +++ b/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt @@ -7,6 +7,7 @@ import android.view.ViewGroup import androidx.core.widget.addTextChangedListener import com.google.android.material.textfield.TextInputLayout import im.angry.openeuicc.common.R +import kotlin.math.sign class DownloadWizardDetailsFragment : DownloadWizardActivity.DownloadWizardStepFragment() { private var inputComplete = false @@ -98,13 +99,13 @@ private fun isValidAddress(input: CharSequence): Boolean { var port = 443 if (fqdn.contains(':')) { val portIndex = fqdn.lastIndexOf(':') - fqdn = input.subSequence(0, portIndex) - port = input.subSequence(portIndex + 1, input.length).toString().toIntOrNull(10) ?: 0 + fqdn = input.substring(0, portIndex) + port = input.substring(portIndex + 1, input.length).toIntOrNull(10) ?: 0 } // see https://en.wikipedia.org/wiki/Port_(computer_networking) if (port < 1 || port > 0xffff) return false // see https://en.wikipedia.org/wiki/Fully_qualified_domain_name - if (fqdn.length > 255) return false + if (fqdn.isEmpty() || fqdn.length > 255) return false for (part in fqdn.split('.')) { if (part.isEmpty() || part.length > 64) return false if (part.first() == '-' || part.last() == '-') return false From 1026c822932df44f1ed94a623abffc3b59cbcb50 Mon Sep 17 00:00:00 2001 From: septs Date: Fri, 4 Apr 2025 10:07:23 +0800 Subject: [PATCH 4/4] fix: enhance address validation --- .../openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt b/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt index db1e9ac..357a493 100644 --- a/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt +++ b/app-common/src/main/java/im/angry/openeuicc/ui/wizard/DownloadWizardDetailsFragment.kt @@ -97,8 +97,8 @@ private fun isValidAddress(input: CharSequence): Boolean { if (!input.contains('.')) return false var fqdn = input var port = 443 - if (fqdn.contains(':')) { - val portIndex = fqdn.lastIndexOf(':') + if (input.contains(':')) { + val portIndex = input.lastIndexOf(':') fqdn = input.substring(0, portIndex) port = input.substring(portIndex + 1, input.length).toIntOrNull(10) ?: 0 }