From f2cb0f5a5faf3d7a3941caa99b762ee9743340fe Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Thu, 13 Jan 2022 08:09:16 +0300
Subject: mail: handle invalid In-Reply-To header
---
 src/main/java/com/juick/www/api/Service.java | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)
(limited to 'src/main/java/com/juick/www')
diff --git a/src/main/java/com/juick/www/api/Service.java b/src/main/java/com/juick/www/api/Service.java
index f7c7a4aa..81b24a23 100644
--- a/src/main/java/com/juick/www/api/Service.java
+++ b/src/main/java/com/juick/www/api/Service.java
@@ -36,6 +36,7 @@ import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.math.NumberUtils;
 import org.apache.commons.mail.util.MimeMessageParser;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -140,7 +141,8 @@ public class Service {
 try {
 logger.info("got inputstream: {}", a.getInputStream());
 FileOutputStream fos = new FileOutputStream(
- Paths.get(storageService.getTemporaryDirectory(), attachmentFName[0]).toString());
+ Paths.get(storageService.getTemporaryDirectory(), attachmentFName[0])
+ .toString());
 IOUtils.copy(a.getInputStream(), fos);
 fos.close();
 } catch (IOException e) {
@@ -150,19 +152,26 @@ public class Service {
 String[] inReplyToHeaders = msg.getHeader("In-Reply-To");
 if (inReplyToHeaders != null && inReplyToHeaders.length > 0) {
 int mid, rid;
- var originalMessage = messagesService.findMessageByProperty("messageId", inReplyToHeaders[0]);
+ String inReplyTo = inReplyToHeaders[0].trim();
+ var originalMessage = messagesService.findMessageByProperty("messageId", inReplyTo);
 if (originalMessage.isPresent()) {
 mid = originalMessage.get().getLeft();
 rid = originalMessage.get().getRight();
 } else {
- Scanner inReplyToScanner = new Scanner(inReplyToHeaders[0].trim())
+ Scanner inReplyToScanner = new Scanner(inReplyTo)
 .useDelimiter(EmailManager.MSGID_PATTERN);
- mid = Integer.parseInt(inReplyToScanner.next());
- rid = Integer.parseInt(inReplyToScanner.next());
+ mid = NumberUtils.toInt(inReplyToScanner.next(), 0);
+ rid = NumberUtils.toInt(inReplyToScanner.next(), 0);
+ inReplyToScanner.close();
+ }
+ if (mid > 0) {
+ logger.info("Message is reply to #{}/{}", mid, rid);
+ body[0] = rid > 0 ? String.format("#%d/%d %s", mid, rid, body[0])
+ : String.format("#%d %s", mid, body[0]);
+ } else {
+ logger.warn("Unknown In-Reply-To: {}", inReplyTo);
+ return;
 }
- logger.info("Message is reply to #{}/{}", mid, rid);
- body[0] = rid > 0 ? String.format("#%d/%d %s", mid, rid, body[0])
- : String.format("#%d %s", mid, body[0]);
 }
 URI attachmentUri = StringUtils.isNotEmpty(attachmentFName[0])
 ? URI.create(String.format("juick://%s", attachmentFName[0]))
-- cgit v1.2.3
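Review bot: The fallback branch still calls `inReplyToScanner.next()` twice with no `hasNext()` check, so a sender-supplied In-Reply-To that yields fewer than two tokens throws `NoSuchElementException` before the new `logger.warn`/`return` path is reached. A value with no match for `EmailManager.MSGID_PATTERN` is one such case, because the whole string becomes the single token; `NumberUtils.toInt` only covers tokens that are present but non-numeric. Guarding each read and putting the scanner in try-with-resources makes a malformed header fall through to `mid == 0`, and closes the scanner on every path. The raw header is also written to the log; if folded header values can reach this point with embedded CR/LF, strip line breaks from `inReplyTo` before logging. The enclosing method starts and ends outside this hunk, so how an exception here is handled by the caller is not visible.

```java
} else {
    try (Scanner inReplyToScanner = new Scanner(inReplyTo)
            .useDelimiter(EmailManager.MSGID_PATTERN)) {
        // A missing token is treated like a non-numeric one: 0 means "unknown".
        mid = inReplyToScanner.hasNext() ? NumberUtils.toInt(inReplyToScanner.next(), 0) : 0;
        rid = inReplyToScanner.hasNext() ? NumberUtils.toInt(inReplyToScanner.next(), 0) : 0;
    }
}
// … unchanged: mid > 0 check, reply prefix, warn-and-return …
```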