Verify the host-supplied URL matches the domain's allowed URL patterns

remoting/android/java/src/org/chromium/chromoting/Chromoting.java

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 package org.chromium.chromoting;
 
 import android.accounts.Account;
 import android.accounts.AccountManager;
 import android.accounts.AccountManagerCallback;
 import android.accounts.AccountManagerFuture;
@@ skipping 263 matching lines @@
     }
 
     /** Called when the user taps on a host entry. */
     public void connectToHost(HostInfo host) {
         mProgressIndicator = ProgressDialog.show(this,
               host.name, getString(R.string.footer_connecting), true, true,
               new DialogInterface.OnCancelListener() {
                   @Override
                   public void onCancel(DialogInterface dialog) {
                       JniInterface.disconnectFromHost();
+                      mTokenFetcher = null;
                   }
               });
         SessionConnector connector = new SessionConnector(this, this, mHostListLoader);
+        assert mTokenFetcher == null;
+        mTokenFetcher = createTokenFetcher(host);
         connector.connectToHost(mAccount.name, mToken, host);
     }
 
     private void refreshHostList() {
         mTriedNewAuthToken = false;
         setHostListProgressVisible(true);
 
         // The refresh button simply makes use of the currently-chosen account.
         AccountManager.get(this).getAuthToken(mAccount, TOKEN_SCOPE, null, this, this, null);
     }
@@ skipping 155 matching lines @@
                 // Unreachable, but required by Google Java style and findbugs.
                 assert false : "Unreached";
         }
 
         if (dismissProgress && mProgressIndicator != null) {
             mProgressIndicator.dismiss();
             mProgressIndicator = null;
         }
     }
 
-    public void fetchThirdPartyToken(String tokenUrl, String clientId, String scope) {
-        assert mTokenFetcher == null;
-
+    private ThirdPartyTokenFetcher createTokenFetcher(HostInfo host) {
         ThirdPartyTokenFetcher.Callback callback = new ThirdPartyTokenFetcher.Callback() {
             public void onTokenFetched(String code, String accessToken) {
                 // The native client sends the OAuth authorization code to the host as the token so
                 // that the host can obtain the shared secret from the third party authorization
                 // server.
                 String token = code;
 
                 // The native client uses the OAuth access token as the shared secret to
                 // authenticate itself with the host using spake.
                 String sharedSecret = accessToken;
 
                 JniInterface.nativeOnThirdPartyTokenFetched(token, sharedSecret);
             }
         };
-
-        mTokenFetcher = new ThirdPartyTokenFetcher(this, tokenUrl, clientId, scope, callback);
-        mTokenFetcher.fetchToken();
+        return new ThirdPartyTokenFetcher(this, host.tokenUrlPatterns, callback);
     }
 
-
+    public void fetchThirdPartyToken(String tokenUrl, String clientId, String scope) {
+        assert mTokenFetcher != null;
+        mTokenFetcher.fetchToken(tokenUrl, clientId, scope);
+    }
 }