From e3aa66d844478ea739c712202811559d70599037 Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Wed, 20 Nov 2019 12:40:56 +0100
Subject: [PATCH] Sanitize incoming attachment mime type

---
 .../eu/faircode/email/FragmentCompose.java    | 23 +++++++++++--------
 .../main/java/eu/faircode/email/Helper.java   | 15 ++++++++++++
 2 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/app/src/main/java/eu/faircode/email/FragmentCompose.java b/app/src/main/java/eu/faircode/email/FragmentCompose.java
index 19f7da2829..976b334899 100644
--- a/app/src/main/java/eu/faircode/email/FragmentCompose.java
+++ b/app/src/main/java/eu/faircode/email/FragmentCompose.java
@@ -70,7 +70,6 @@ import android.view.MotionEvent;
 import android.view.View;
 import android.view.ViewGroup;
 import android.view.inputmethod.InputMethodManager;
-import android.webkit.MimeTypeMap;
 import android.widget.AdapterView;
 import android.widget.ArrayAdapter;
 import android.widget.CheckBox;
@@ -135,8 +134,10 @@ import javax.mail.MessageRemovedException;
 import javax.mail.Part;
 import javax.mail.Session;
 import javax.mail.internet.AddressException;
+import javax.mail.internet.ContentType;
 import javax.mail.internet.InternetAddress;
 import javax.mail.internet.MimeMessage;
+import javax.mail.internet.ParseException;
 
 import static android.app.Activity.RESULT_CANCELED;
 import static android.app.Activity.RESULT_OK;
@@ -1927,17 +1928,21 @@ public class FragmentCompose extends FragmentBase {
             Log.e(ex);
         }
 
+        // Check name
         if (TextUtils.isEmpty(fname))
             fname = uri.getLastPathSegment();
 
-        if (TextUtils.isEmpty(ftype)) {
-            String extension = Helper.getExtension(fname);
-            if (extension != null)
-                ftype = MimeTypeMap.getSingleton()
-                        .getMimeTypeFromExtension(extension.toLowerCase(Locale.ROOT));
-            if (ftype == null)
-                ftype = "application/octet-stream";
-        }
+        // Check type
+        if (!TextUtils.isEmpty(ftype))
+            try {
+                new ContentType(ftype);
+            } catch (ParseException ex) {
+                Log.w(ex);
+                ftype = null;
+            }
+
+        if (TextUtils.isEmpty(ftype))
+            ftype = Helper.guessMimeType(fname);
 
         if (fsize != null && fsize <= 0)
             fsize = null;
diff --git a/app/src/main/java/eu/faircode/email/Helper.java b/app/src/main/java/eu/faircode/email/Helper.java
index a69f702eb2..70754fea18 100644
--- a/app/src/main/java/eu/faircode/email/Helper.java
+++ b/app/src/main/java/eu/faircode/email/Helper.java
@@ -52,6 +52,7 @@ import android.view.View;
 import android.view.ViewGroup;
 import android.view.WindowManager;
 import android.view.inputmethod.EditorInfo;
+import android.webkit.MimeTypeMap;
 import android.webkit.WebView;
 import android.widget.Button;
 import android.widget.CheckBox;
@@ -647,6 +648,20 @@ public class Helper {
         return filename.substring(index + 1);
     }
 
+    static String guessMimeType(String filename) {
+        String type = null;
+
+        String extension = Helper.getExtension(filename);
+        if (extension != null)
+            type = MimeTypeMap.getSingleton()
+                    .getMimeTypeFromExtension(extension.toLowerCase(Locale.ROOT));
+
+        if (TextUtils.isEmpty(type))
+            type = "application/octet-stream";
+
+        return type;
+    }
+
     static void writeText(File file, String content) throws IOException {
         try (FileOutputStream out = new FileOutputStream(file)) {
             if (content != null)