Merge pull request #346 from FossifyOrg/fix_mms_vuln

Limit received MMS message length to 5000

app/src/main/kotlin/org/fossify/messages/extensions/Context.kt

@@ -56,6 +56,7 @@ import org.fossify.messages.databases.MessagesDatabase
 import org.fossify.messages.helpers.AttachmentUtils.parseAttachmentNames
 import org.fossify.messages.helpers.Config
 import org.fossify.messages.helpers.FILE_SIZE_NONE
+import org.fossify.messages.helpers.MAX_MESSAGE_LENGTH
 import org.fossify.messages.helpers.MESSAGES_LIMIT
 import org.fossify.messages.helpers.NotificationHelper
 import org.fossify.messages.helpers.generateRandomId
@@ -481,7 +482,10 @@ fun Context.getMmsAttachment(id: Long, getImageResolutions: Boolean): MessageAtt
         val partId = cursor.getLongValue(Mms._ID)
         val mimetype = cursor.getStringValue(Mms.Part.CONTENT_TYPE)
         if (mimetype == "text/plain") {
-            messageAttachment.text = cursor.getStringValue(Mms.Part.TEXT) ?: ""
+            messageAttachment.text = cursor
+                .getStringValue(Mms.Part.TEXT)
+                ?.take(MAX_MESSAGE_LENGTH)
+                .orEmpty()
         } else if (mimetype.startsWith("image/") || mimetype.startsWith("video/")) {
             val fileUri = Uri.withAppendedPath(uri, partId.toString())
             var width = 0

app/src/main/kotlin/org/fossify/messages/helpers/Constants.kt

@@ -79,6 +79,7 @@ const val FILE_SIZE_1_MB = 1_048_576L
 const val FILE_SIZE_2_MB = 2_097_152L
 
 const val MESSAGES_LIMIT = 30
+const val MAX_MESSAGE_LENGTH = 5000
 
 // intent launch request codes
 const val PICK_PHOTO_INTENT = 42