Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 929ca5e4 authored by Jake Hamby's avatar Jake Hamby
Browse files

Fix bug in CDMA WDP datagram handling (fixes incoming MMS). 

CDMA WDP datagram handling was refactored to use the same method
that handles concatenated SMS messages. WDP datagram sequence numbers
start at 0, but GSM/CDMA concatenated sequence numbers start at 1.
Changed SMSDispatcher.processMessagePart() to count from 0 when
handling WDP datagrams.

Also changed CdmaSMSDispatcher.processCdmaWapPdu() to correctly
decode segment numbers > 127 (signed byte conversion bug)
and to reject PDUs with an out-of-range segment number (invalid
ranges are already rejected for regular concatenated messages).

Bug: 5433331
Change-Id: I25c9567769de8edca789c0d1707d4916a4c46885
parent c5b28bd0

telephony/java/com/android/internal/telephony/SMSDispatcher.java

+12 −2
Original line number Diff line number Diff line
@@ -518,6 +518,7 @@ public abstract class SMSDispatcher extends Handler { 
     * @param address the originating address

     * @param referenceNumber distinguishes concatenated messages from the same sender

     * @param sequenceNumber the order of this segment in the message

     *          (starting at 0 for CDMA WDP datagrams and 1 for concatenated messages).

     * @param messageCount the number of segments in the message

     * @param timestamp the service center timestamp in millis

     * @param destPort the destination port for the message, or -1 for no destination port
@@ -583,7 +584,11 @@ public abstract class SMSDispatcher extends Handler { 
            for (int i = 0; i < cursorCount; i++) {

                cursor.moveToNext();

                int cursorSequence = cursor.getInt(SEQUENCE_COLUMN);

                pdus[cursorSequence - 1] = HexDump.hexStringToByteArray(

                // GSM sequence numbers start at 1; CDMA WDP datagram sequence numbers start at 0

                if (!isCdmaWapPush) {

                    cursorSequence--;

                }

                pdus[cursorSequence] = HexDump.hexStringToByteArray(

                        cursor.getString(PDU_COLUMN));



                // Read the destination port from the first segment (needed for CDMA WAP PDU).
@@ -593,7 +598,12 @@ public abstract class SMSDispatcher extends Handler { 
                }

            }

            // This one isn't in the DB, so add it

            // GSM sequence numbers start at 1; CDMA WDP datagram sequence numbers start at 0

            if (isCdmaWapPush) {

                pdus[sequenceNumber] = pdu;

            } else {

                pdus[sequenceNumber - 1] = pdu;

            }



            // Remove the parts from the database

            mResolver.delete(mRawUri, where, whereArgs);

telephony/java/com/android/internal/telephony/cdma/CdmaSMSDispatcher.java

+8 −3
Original line number Diff line number Diff line
@@ -198,13 +198,18 @@ final class CdmaSMSDispatcher extends SMSDispatcher { 
    protected int processCdmaWapPdu(byte[] pdu, int referenceNumber, String address) {

        int index = 0;



        int msgType = pdu[index++];

        int msgType = (0xFF & pdu[index++]);

        if (msgType != 0) {

            Log.w(TAG, "Received a WAP SMS which is not WDP. Discard.");

            return Intents.RESULT_SMS_HANDLED;

        }

        int totalSegments = pdu[index++];   // >= 1

        int segment = pdu[index++];         // >= 0

        int totalSegments = (0xFF & pdu[index++]);   // >= 1

        int segment = (0xFF & pdu[index++]);         // >= 0



        if (segment >= totalSegments) {

            Log.e(TAG, "WDP bad segment #" + segment + " expecting 0-" + (totalSegments - 1));

            return Intents.RESULT_SMS_HANDLED;

        }



        // Only the first segment contains sourcePort and destination Port

        int sourcePort = 0;