From c84fae54f18efd842e14d727f45f02d60d4f5b4f Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 1 Mar 2020 10:06:55 +0000
Subject: [PATCH] Extra checks on announce actor and object

---
 posts.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/posts.py b/posts.py
index 9c7503f1..45a6a2bf 100644
--- a/posts.py
+++ b/posts.py
@@ -2762,11 +2762,19 @@ def downloadAnnounce(session,baseDir: str,httpPrefix: str, \
             asHeader={'Accept': 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'}
         actorNickname=getNicknameFromActor(postJsonObject['actor'])
         actorDomain,actorPort=getDomainFromActor(postJsonObject['actor'])
+        if not actorDomain:
+            print('Announce actor does not contain a valid domain or port number: '+ \
+                  str(postJsonObject['actor']))
+            return None
         if isBlocked(baseDir,nickname,domain,actorNickname,actorDomain):
             print('Announce download blocked actor: '+actorNickname+'@'+actorDomain)
             return None
         objectNickname=getNicknameFromActor(postJsonObject['object'])
         objectDomain,objectPort=getDomainFromActor(postJsonObject['object'])
+        if not objectDomain:
+            print('Announce object does not contain a valid domain or port number: '+ \
+                  str(postJsonObject['object']))
+            return None
         if isBlocked(baseDir,nickname,domain,objectNickname,objectDomain):
             if objectNickname and objectDomain:
                 print('Announce download blocked object: '+objectNickname+'@'+objectDomain)