authorTobias Weimer <wishmaster51@googlemail.com>2016-03-10 18:50:25 +0000
committerTobias Weimer <wishmaster51@googlemail.com>2016-03-10 18:50:25 +0000
commit233d4da0d94f0fddd54182426f5abef7eb2a25f7 (patch)
treee4f7ee131c74164e4f81851dfa56bf42f8ed1efd
parent556378c60ee53dd36c828976e51664b6d61736f0 (diff)
MirOTR: Updated lobotr to version 4.1.1 (fixes #1208)
-Fix an integer overflow bug that can cause a heap buffer overflow (and from there remote code execution) on 64-bit platforms -Fix possible free() of an uninitialized pointer -Be stricter about parsing v3 fragments -Add a testsuite ("make check" to run it), but only on Linux for now, since it uses Linux-specific features such as epoll -Fix a memory leak when reading a malformed instance tag file -Protocol documentation clarifications git-svn-id: http://svn.miranda-ng.org/main/trunk@16454 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c
-rw-r--r--plugins/MirOTR/libotr/src/instag.c21
-rw-r--r--plugins/MirOTR/libotr/src/message.c9
-rw-r--r--plugins/MirOTR/libotr/src/proto.c20
-rw-r--r--plugins/MirOTR/libotr/src/version.h6
4 files changed, 35 insertions, 21 deletions
diff --git a/plugins/MirOTR/libotr/src/instag.c b/plugins/MirOTR/libotr/src/instag.c
index 6b829de449..cccd94fb6c 100644
--- a/plugins/MirOTR/libotr/src/instag.c
+++ b/plugins/MirOTR/libotr/src/instag.c
@@ -1,6 +1,6 @@
/*
* Off-the-Record Messaging library
- * Copyright (C) 2004-2012 Ian Goldberg, Rob Smits, Chris Alexander,
+ * Copyright (C) 2004-2015 Ian Goldberg, Rob Smits, Chris Alexander,
* Willy Lew, Lisa Du, Nikita Borisov
* <otr@cypherpunks.ca>
*
@@ -90,12 +90,11 @@ gcry_error_t otrl_instag_read(OtrlUserState us, const char *filename)
* OtrlUserState. The FILE* must be open for reading. */
gcry_error_t otrl_instag_read_FILEp(OtrlUserState us, FILE *instf)
{
+ if (!instf) return gcry_error(GPG_ERR_NO_ERROR);
OtrlInsTag *p;
char storeline[1000];
size_t maxsize = sizeof(storeline);
-
- if (!instf) return gcry_error(GPG_ERR_NO_ERROR);
while(fgets(storeline, maxsize, instf)) {
char *prevpos;
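Review bot: The `if (!instf) return gcry_error(GPG_ERR_NO_ERROR);` guard now sits above the declarations of `p`, `storeline` and `maxsize`, so the function mixes statements and declarations where the removed lines kept declarations first. The same pattern appears in the message.c hunk that turns `time_t now;` into `time_t now = time(NULL);` after the `fragment_and_send` call. If this file is still expected to build with a C89-only compiler or to stay close to the vendored library's layout, keeping the guard after the declarations avoids both problems. The body of `otrl_instag_read_FILEp` continues outside the hunk.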
@@ -118,23 +117,35 @@ gcry_error_t otrl_instag_read_FILEp(OtrlUserState us, FILE *instf)
*pos = '\0';
pos++;
p->accountname = malloc(pos - prevpos);
+ if (!(p->accountname)) {
+ free(p);
+ return gcry_error(GPG_ERR_ENOMEM);
+ }
memmove(p->accountname, prevpos, pos - prevpos);
prevpos = pos;
pos = strchr(prevpos, '\t');
if (!pos) {
+ free(p->accountname);
free(p);
continue;
}
*pos = '\0';
pos++;
p->protocol = malloc(pos - prevpos);
+ if (!(p->protocol)) {
+ free(p->accountname);
+ free(p);
+ return gcry_error(GPG_ERR_ENOMEM);
+ }
memmove(p->protocol, prevpos, pos - prevpos);
prevpos = pos;
pos = strchr(prevpos, '\r');
if (!pos) pos = strchr(prevpos, '\n');
if (!pos) {
+ free(p->accountname);
+ free(p->protocol);
free(p);
continue;
}
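Review bot: The cleanup sequence `free(p->accountname); free(p->protocol); free(p);` is now written out by hand on each rejection path in this hunk. It is repeated in the two hunks that follow, at the `strlen(prevpos) != 8` check and the `OTRL_MIN_VALID_INSTAG` check, so the next path added to this loop can easily miss one of the frees. A single cleanup site would make that harder: set `p->accountname = NULL; p->protocol = NULL;` right after `p` is allocated and route every rejection through one label or static helper that frees all three. The allocation of `p` and the end of the loop are outside the hunk, so whether `p` itself is checked for NULL cannot be seen from here.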
@@ -142,6 +153,8 @@ gcry_error_t otrl_instag_read_FILEp(OtrlUserState us, FILE *instf)
pos++;
/* hex str of length 8 */
if (strlen(prevpos) != 8) {
+ free(p->accountname);
+ free(p->protocol);
free(p);
continue;
}
@@ -149,6 +162,8 @@ gcry_error_t otrl_instag_read_FILEp(OtrlUserState us, FILE *instf)
sscanf(prevpos, "%08x", &instag);
if (instag < OTRL_MIN_VALID_INSTAG) {
+ free(p->accountname);
+ free(p->protocol);
free(p);
continue;
}
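Review bot: The result of `sscanf(prevpos, "%08x", &instag)` is still not checked. A line whose last field is eight characters that are not hex digits passes the `strlen(prevpos) != 8` test and leaves `instag` at whatever value it held before the call. Whether that is an initial value or the tag parsed from an earlier line depends on the declaration of `instag`, which is outside this hunk. Treating a failed conversion like the other malformed-line cases would close the gap: `if (sscanf(prevpos, "%08x", &instag) != 1) { free(p->accountname); free(p->protocol); free(p); continue; }`.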
diff --git a/plugins/MirOTR/libotr/src/message.c b/plugins/MirOTR/libotr/src/message.c
index b13710cccd..c44ce7b8fc 100644
--- a/plugins/MirOTR/libotr/src/message.c
+++ b/plugins/MirOTR/libotr/src/message.c
@@ -1,6 +1,6 @@
/*
* Off-the-Record Messaging library
- * Copyright (C) 2004-2014 Ian Goldberg, David Goulet, Rob Smits,
+ * Copyright (C) 2004-2015 Ian Goldberg, David Goulet, Rob Smits,
* Chris Alexander, Willy Lew, Lisa Du,
* Nikita Borisov
* <otr@cypherpunks.ca>
@@ -467,10 +467,9 @@ static gcry_error_t send_or_error_auth(const OtrlMessageAppOps *ops,
if (!err) {
const char *msg = context->auth.lastauthmsg;
if (msg && *msg) {
- time_t now;
fragment_and_send(ops, opdata, context, msg,
OTRL_FRAGMENT_SEND_ALL, NULL);
- now = time(NULL);
+ time_t now = time(NULL);
/* Update the "last sent" fields, unless this is a version 3
* message typing to update the master context (as happens
* when sending a v3 COMMIT message, for example). */
@@ -1506,7 +1505,7 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
unsigned char* nextmsg;
int nextmsglen;
OtrlTLV *sendtlv;
- char *sendsmp;
+ char *sendsmp = NULL;
otrl_sm_step3(context->smstate, tlv->data,
tlv->len, &nextmsg, &nextmsglen);
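Review bot: Only `sendsmp` is initialised here, while `nextmsg` and `nextmsglen`, declared in the same block, stay uninitialised. The return value of `otrl_sm_step3` is also discarded on the next line. If that call can fail without writing its out-parameters, the code after the hunk would read indeterminate values; this cannot be confirmed from the visible lines. Declaring `unsigned char* nextmsg = NULL;` and `int nextmsglen = 0;` would give these the same protection `sendsmp` now has. The same applies to the second hunk in this function, around the `otrl_sm_step4` call.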
@@ -1561,7 +1560,7 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
unsigned char* nextmsg;
int nextmsglen;
OtrlTLV *sendtlv;
- char *sendsmp;
+ char *sendsmp = NULL;
err = otrl_sm_step4(context->smstate, tlv->data,
tlv->len, &nextmsg, &nextmsglen);
/* Set trust level based on result */
diff --git a/plugins/MirOTR/libotr/src/proto.c b/plugins/MirOTR/libotr/src/proto.c
index 22e50ebb20..898ace5db7 100644
--- a/plugins/MirOTR/libotr/src/proto.c
+++ b/plugins/MirOTR/libotr/src/proto.c
@@ -1,6 +1,6 @@
/*
* Off-the-Record Messaging library
- * Copyright (C) 2004-2014 Ian Goldberg, David Goulet, Rob Smits,
+ * Copyright (C) 2004-2016 Ian Goldberg, David Goulet, Rob Smits,
* Chris Alexander, Willy Lew, Lisa Du,
* Nikita Borisov
* <otr@cypherpunks.ca>
@@ -498,6 +498,8 @@ gcry_error_t otrl_proto_create_data(char **encmessagep, ConnContext *context,
char *msgdup;
int version = context->protocol_version;
+ *encmessagep = NULL;
+
/* Make sure we're actually supposed to be able to encrypt */
if (context->msgstate != OTRL_MSGSTATE_ENCRYPTED ||
context->context_priv->their_keyid == 0) {
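Review bot: The reason `*encmessagep = NULL;` moved above the first check is not stated in the code, and a later tidy-up could move it back down next to the buffer setup. A short comment would pin the intent, for example `/* Clear the out-parameter first so every early return below leaves it NULL for the caller. */`. The early-return bodies themselves fall outside this hunk.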
@@ -512,8 +514,6 @@ gcry_error_t otrl_proto_create_data(char **encmessagep, ConnContext *context,
}
strcpy(msgdup, msg);
- *encmessagep = NULL;
-
/* Header, msg flags, send keyid, recv keyid, counter, msg len, msg
* len of revealed mac keys, revealed mac keys, MAC */
buflen = OTRL_HEADER_LEN + (version == 3 ? 8 : 0)
@@ -717,7 +717,7 @@ gcry_error_t otrl_proto_accept_data(char **plaintextp, OtrlTLV **tlvsp,
unsigned int sender_keyid, recipient_keyid;
gcry_mpi_t sender_next_y = NULL;
unsigned char ctr[8];
- unsigned int datalen, reveallen;
+ size_t datalen, reveallen;
unsigned char *data = NULL;
unsigned char *nul = NULL;
unsigned char givenmac[20];
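Review bot: Widening `datalen` and `reveallen` to `size_t` removes the wrap-around only where `size_t` is wider than the 32-bit length field read from the message. On a 32-bit build the two types are the same width, so any `datalen + 1` style size computation can still wrap to zero. The reads and the allocation that use these variables are outside the hunk, so this is inferred from the declaration change and the commit description. An explicit bound next to the allocation would make the function safe regardless of platform width, e.g. reject the message when `datalen == SIZE_MAX` or when `datalen` exceeds the bytes remaining in the input buffer. A comment on the declaration saying why these are `size_t` would also help keep the fix from being reverted.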
@@ -918,7 +918,7 @@ OtrlFragmentResult otrl_proto_fragment_accumulate(char **unfragmessagep,
if (k > 0 && n > 0 && k <= n && start > 0 && end > 0 && start < end) {
if (k == 1) {
- int fraglen = end - start - 1;
+ size_t fraglen = end - start - 1;
size_t newsize = fraglen + 1;
free(context->context_priv->fragment);
context->context_priv->fragment = NULL;
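Review bot: With `fraglen` now a `size_t`, a negative `end - start - 1` would no longer be a negative length but a very large unsigned one, so correctness here depends entirely on the `start > 0 && end > 0 && start < end` guard a few lines above. That dependency deserves a comment at the declaration, for instance `/* start < end is checked above, so end - start - 1 cannot be negative */`. The same applies to the second `size_t fraglen = end - start - 1;` in the next hunk, the `k == fragment_k + 1` branch. The declarations of `start` and `end` are outside both hunks, so their types are assumed to be signed.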
@@ -939,7 +939,7 @@ OtrlFragmentResult otrl_proto_fragment_accumulate(char **unfragmessagep,
}
} else if (n == context->context_priv->fragment_n &&
k == context->context_priv->fragment_k + 1) {
- int fraglen = end - start - 1;
+ size_t fraglen = end - start - 1;
char *newfrag = NULL;
size_t newsize = context->context_priv->fragment_len + fraglen + 1;
/* Check for overflow */
@@ -991,10 +991,10 @@ gcry_error_t otrl_proto_fragment_create(int mms, int fragment_count,
char ***fragments, ConnContext *context, const char *message)
{
char *fragdata;
- int fragdatalen = 0;
+ size_t fragdatalen = 0;
int curfrag = 0;
- int index = 0;
- int msglen = strlen(message);
+ size_t index = 0;
+ size_t msglen = strlen(message);
/* Should vary by number of msgs */
int headerlen = context->protocol_version == 3 ? 37 : 19;
@@ -1014,7 +1014,7 @@ gcry_error_t otrl_proto_fragment_create(int mms, int fragment_count,
int i;
char *fragmentmsg;
- if (msglen - index < mms - headerlen) {
+ if (msglen - index < (size_t)(mms - headerlen)) {
fragdatalen = msglen - index;
} else {
fragdatalen = mms - headerlen;
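Review bot: The cast in `(size_t)(mms - headerlen)` silences the signed/unsigned comparison but hides the case where `mms` is not larger than `headerlen`. A negative difference becomes a huge unsigned value, so the first branch is always taken and the fragment is no longer bounded by `mms`. A zero difference makes `fragdatalen` zero, and `index` would presumably never advance. The lines between the declarations and this loop are outside the hunk, so a check may already exist there. If not, rejecting the input at the top of `otrl_proto_fragment_create` would make the cast safe, e.g. `if (mms <= headerlen) return gcry_error(GPG_ERR_INV_VALUE);`.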
diff --git a/plugins/MirOTR/libotr/src/version.h b/plugins/MirOTR/libotr/src/version.h
index ae2f7ff3dd..c7f990fb50 100644
--- a/plugins/MirOTR/libotr/src/version.h
+++ b/plugins/MirOTR/libotr/src/version.h
@@ -1,6 +1,6 @@
/*
* Off-the-Record Messaging library
- * Copyright (C) 2004-2014 Ian Goldberg, David Goulet, Rob Smits,
+ * Copyright (C) 2004-2016 Ian Goldberg, David Goulet, Rob Smits,
* Chris Alexander, Willy Lew, Lisa Du,
* Nikita Borisov
* <otr@cypherpunks.ca>
@@ -22,10 +22,10 @@
#ifndef __VERSION_H__
#define __VERSION_H__
-#define OTRL_VERSION "4.1.0"
+#define OTRL_VERSION "4.1.1"
#define OTRL_VERSION_MAJOR 4
#define OTRL_VERSION_MINOR 1
-#define OTRL_VERSION_SUB 0
+#define OTRL_VERSION_SUB 1
#endif