From 7e762eb799abe0d4f172d04eb714b97e838a8b1f Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Wed, 30 Mar 2022 09:03:19 +0200 Subject: [PATCH] ensure downloaded file does not exceed Content-Length reported by HEAD --- .../http/HttpDownloadConnection.java | 23 ++++++++++++++++--- src/main/res/values/strings.xml | 1 + 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/main/java/eu/siacs/conversations/http/HttpDownloadConnection.java b/src/main/java/eu/siacs/conversations/http/HttpDownloadConnection.java index 5623c0be7..31ba810a4 100644 --- a/src/main/java/eu/siacs/conversations/http/HttpDownloadConnection.java +++ b/src/main/java/eu/siacs/conversations/http/HttpDownloadConnection.java @@ -102,11 +102,15 @@ public class HttpDownloadConnection implements Transferable { if (this.message.getEncryption() == Message.ENCRYPTION_AXOLOTL && this.file.getKey() == null) { this.message.setEncryption(Message.ENCRYPTION_NONE); } - //TODO add auth tag size to knownFileSize final Long knownFileSize = message.getFileParams().size; Log.d(Config.LOGTAG,"knownFileSize: "+knownFileSize+", body="+message.getBody()); if (knownFileSize != null && interactive) { - this.file.setExpectedSize(knownFileSize); + if (message.getEncryption() == Message.ENCRYPTION_AXOLOTL + && this.file.getKey() != null) { + this.file.setExpectedSize(knownFileSize + 16); + } else { + this.file.setExpectedSize(knownFileSize); + } download(true); } else { checkFileSize(interactive); @@ -216,6 +220,8 @@ public class HttpDownloadConnection implements Transferable { mXmppConnectionService.showErrorToastInUi(R.string.download_failed_could_not_connect); } else if (e instanceof FileWriterException) { mXmppConnectionService.showErrorToastInUi(R.string.download_failed_could_not_write_file); + } else if (e instanceof InvalidFileException) { + mXmppConnectionService.showErrorToastInUi(R.string.download_failed_invalid_file); } else { mXmppConnectionService.showErrorToastInUi(R.string.download_failed_file_not_found); } @@ -428,9 +434,12 @@ public class HttpDownloadConnection implements Transferable { transmitted += count; try { outputStream.write(buffer, 0, count); - } catch (IOException e) { + } catch (final IOException e) { throw new FileWriterException(file); } + if (transmitted > expected) { + throw new InvalidFileException(String.format("File exceeds expected size of %d", expected)); + } updateProgress(Math.round(((double) transmitted / expected) * 100)); } outputStream.flush(); @@ -458,4 +467,12 @@ public class HttpDownloadConnection implements Transferable { throw new IOException(String.format(Locale.ENGLISH, "HTTP Status code was %d", code)); } } + + private static class InvalidFileException extends IOException { + + private InvalidFileException(final String message) { + super(message); + } + + } } diff --git a/src/main/res/values/strings.xml b/src/main/res/values/strings.xml index 8b5e67eb2..20c7cbef8 100644 --- a/src/main/res/values/strings.xml +++ b/src/main/res/values/strings.xml @@ -463,6 +463,7 @@ Download failed: File not found Download failed: Could not connect to host Download failed: Could not write file + Download failed: Invalid file Tor network unavailable Bind failure The server is not responsible for this domain