author | Tobias Weimer <wishmaster51@googlemail.com> | 2016-03-10 18:50:25 +0000 |
---|---|---|
committer | Tobias Weimer <wishmaster51@googlemail.com> | 2016-03-10 18:50:25 +0000 |
commit | 233d4da0d94f0fddd54182426f5abef7eb2a25f7 (patch) | |
tree | e4f7ee131c74164e4f81851dfa56bf42f8ed1efd | |
parent | 556378c60ee53dd36c828976e51664b6d61736f0 (diff) |
MirOTR: Updated lobotr to version 4.1.1 (fixes #1208)
-Fix an integer overflow bug that can cause a heap buffer overflow (and from there remote code execution) on 64-bit platforms
-Fix possible free() of an uninitialized pointer
-Be stricter about parsing v3 fragments
-Add a testsuite ("make check" to run it), but only on Linux for now, since it uses Linux-specific features such as epoll
-Fix a memory leak when reading a malformed instance tag file
-Protocol documentation clarifications
git-svn-id: http://svn.miranda-ng.org/main/trunk@16454 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c
-rw-r--r-- | plugins/MirOTR/libotr/src/instag.c | 21 | ||||
-rw-r--r-- | plugins/MirOTR/libotr/src/message.c | 9 | ||||
-rw-r--r-- | plugins/MirOTR/libotr/src/proto.c | 20 | ||||
-rw-r--r-- | plugins/MirOTR/libotr/src/version.h | 6 |
4 files changed, 35 insertions, 21 deletions
diff --git a/plugins/MirOTR/libotr/src/instag.c b/plugins/MirOTR/libotr/src/instag.c index 6b829de449..cccd94fb6c 100644 --- a/plugins/MirOTR/libotr/src/instag.c +++ b/plugins/MirOTR/libotr/src/instag.c @@ -1,6 +1,6 @@ /* * Off-the-Record Messaging library - * Copyright (C) 2004-2012 Ian Goldberg, Rob Smits, Chris Alexander, + * Copyright (C) 2004-2015 Ian Goldberg, Rob Smits, Chris Alexander, * Willy Lew, Lisa Du, Nikita Borisov * <otr@cypherpunks.ca> * @@ -90,12 +90,11 @@ gcry_error_t otrl_instag_read(OtrlUserState us, const char *filename) * OtrlUserState. The FILE* must be open for reading. */ gcry_error_t otrl_instag_read_FILEp(OtrlUserState us, FILE *instf) { + if (!instf) return gcry_error(GPG_ERR_NO_ERROR); OtrlInsTag *p; char storeline[1000]; size_t maxsize = sizeof(storeline); - - if (!instf) return gcry_error(GPG_ERR_NO_ERROR); while(fgets(storeline, maxsize, instf)) { char *prevpos; @@ -118,23 +117,35 @@ gcry_error_t otrl_instag_read_FILEp(OtrlUserState us, FILE *instf) *pos = '\0'; pos++; p->accountname = malloc(pos - prevpos); + if (!(p->accountname)) { + free(p); + return gcry_error(GPG_ERR_ENOMEM); + } memmove(p->accountname, prevpos, pos - prevpos); prevpos = pos; pos = strchr(prevpos, '\t'); if (!pos) { + free(p->accountname); free(p); continue; } *pos = '\0'; pos++; p->protocol = malloc(pos - prevpos); + if (!(p->protocol)) { + free(p->accountname); + free(p); + return gcry_error(GPG_ERR_ENOMEM); + } memmove(p->protocol, prevpos, pos - prevpos); prevpos = pos; pos = strchr(prevpos, '\r'); if (!pos) pos = strchr(prevpos, '\n'); if (!pos) { + free(p->accountname); + free(p->protocol); free(p); continue; } @@ -142,6 +153,8 @@ gcry_error_t otrl_instag_read_FILEp(OtrlUserState us, FILE *instf) pos++; /* hex str of length 8 */ if (strlen(prevpos) != 8) { + free(p->accountname); + free(p->protocol); free(p); continue; } 
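Review bot: The cleanup sequence `free(p->accountname); free(p->protocol); free(p);` is now written out separately on each rejection path of otrl_instag_read_FILEp (after the second and third field in this hunk, and again in the `strlen(prevpos) != 8` and `instag < OTRL_MIN_VALID_INSTAG` hunks), so every future `continue` has to remember the right subset of frees, which is how the leak arose. Setting `p->accountname = NULL; p->protocol = NULL;` right after `p` is allocated (that allocation is outside the hunk) would let every path call one small static helper that frees all three, since free(NULL) is a no-op. The two new ENOMEM returns leave the loop at once; whether tags parsed from earlier lines stay attached to `us` in that case is not visible here and is worth stating in the function comment.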
@@ -149,6 +162,8 @@ gcry_error_t otrl_instag_read_FILEp(OtrlUserState us, FILE *instf) sscanf(prevpos, "%08x", &instag); if (instag < OTRL_MIN_VALID_INSTAG) { + free(p->accountname); + free(p->protocol); free(p); continue; } diff --git a/plugins/MirOTR/libotr/src/message.c b/plugins/MirOTR/libotr/src/message.c index b13710cccd..c44ce7b8fc 100644 --- a/plugins/MirOTR/libotr/src/message.c +++ b/plugins/MirOTR/libotr/src/message.c @@ -1,6 +1,6 @@ /* * Off-the-Record Messaging library - * Copyright (C) 2004-2014 Ian Goldberg, David Goulet, Rob Smits, + * Copyright (C) 2004-2015 Ian Goldberg, David Goulet, Rob Smits, * Chris Alexander, Willy Lew, Lisa Du, * Nikita Borisov * <otr@cypherpunks.ca> @@ -467,10 +467,9 @@ static gcry_error_t send_or_error_auth(const OtrlMessageAppOps *ops, if (!err) { const char *msg = context->auth.lastauthmsg; if (msg && *msg) { - time_t now; fragment_and_send(ops, opdata, context, msg, OTRL_FRAGMENT_SEND_ALL, NULL); - now = time(NULL); + time_t now = time(NULL); /* Update the "last sent" fields, unless this is a version 3 * message typing to update the master context (as happens * when sending a v3 COMMIT message, for example). */ @@ -1506,7 +1505,7 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops, unsigned char* nextmsg; int nextmsglen; OtrlTLV *sendtlv; - char *sendsmp; + char *sendsmp = NULL; otrl_sm_step3(context->smstate, tlv->data, tlv->len, &nextmsg, &nextmsglen); @@ -1561,7 +1560,7 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops, unsigned char* nextmsg; int nextmsglen; OtrlTLV *sendtlv; - char *sendsmp; + char *sendsmp = NULL; err = otrl_sm_step4(context->smstate, tlv->data, tlv->len, &nextmsg, &nextmsglen); /* Set trust level based on result */ diff --git a/plugins/MirOTR/libotr/src/proto.c b/plugins/MirOTR/libotr/src/proto.c index 22e50ebb20..898ace5db7 100644 --- a/plugins/MirOTR/libotr/src/proto.c +++ b/plugins/MirOTR/libotr/src/proto.c 
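Review bot: The `sscanf(prevpos, "%08x", &instag);` call at the top of this instag.c hunk ignores its return value, so a field that is eight characters long but not hexadecimal passes the length check and leaves `instag` at whatever it held before. The declaration of `instag` is outside the hunk, so it cannot be confirmed from here that this is a defined value. Checking the conversion, `if (sscanf(prevpos, "%08x", &instag) != 1) {` followed by the same three frees and `continue`, rejects such lines explicitly instead of relying on the `OTRL_MIN_VALID_INSTAG` comparison.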
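Review bot: Only `sendsmp` gets an initial value in this block of otrl_message_receiving; `nextmsg`, `nextmsglen` and `sendtlv` are still declared without one directly above it, and the return value of the `otrl_sm_step3` call is discarded. If step 3 can fail before writing its output parameters (its body is not shown), the code after the hunk would read indeterminate values, the same class of bug this commit fixes for `sendsmp`. Initialising them the same way, `unsigned char* nextmsg = NULL; int nextmsglen = 0; OtrlTLV *sendtlv = NULL;`, closes that off. The `otrl_sm_step4` block in the next hunk has identical declarations and needs the same treatment.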
@@ -1,6 +1,6 @@ /* * Off-the-Record Messaging library - * Copyright (C) 2004-2014 Ian Goldberg, David Goulet, Rob Smits, + * Copyright (C) 2004-2016 Ian Goldberg, David Goulet, Rob Smits, * Chris Alexander, Willy Lew, Lisa Du, * Nikita Borisov * <otr@cypherpunks.ca> @@ -498,6 +498,8 @@ gcry_error_t otrl_proto_create_data(char **encmessagep, ConnContext *context, char *msgdup; int version = context->protocol_version; + *encmessagep = NULL; + /* Make sure we're actually supposed to be able to encrypt */ if (context->msgstate != OTRL_MSGSTATE_ENCRYPTED || context->context_priv->their_keyid == 0) { @@ -512,8 +514,6 @@ gcry_error_t otrl_proto_create_data(char **encmessagep, ConnContext *context, } strcpy(msgdup, msg); - *encmessagep = NULL; - /* Header, msg flags, send keyid, recv keyid, counter, msg len, msg * len of revealed mac keys, revealed mac keys, MAC */ buflen = OTRL_HEADER_LEN + (version == 3 ? 8 : 0) @@ -717,7 +717,7 @@ gcry_error_t otrl_proto_accept_data(char **plaintextp, OtrlTLV **tlvsp, unsigned int sender_keyid, recipient_keyid; gcry_mpi_t sender_next_y = NULL; unsigned char ctr[8]; - unsigned int datalen, reveallen; + size_t datalen, reveallen; unsigned char *data = NULL; unsigned char *nul = NULL; unsigned char givenmac[20]; @@ -918,7 +918,7 @@ OtrlFragmentResult otrl_proto_fragment_accumulate(char **unfragmessagep, if (k > 0 && n > 0 && k <= n && start > 0 && end > 0 && start < end) { if (k == 1) { - int fraglen = end - start - 1; + size_t fraglen = end - start - 1; size_t newsize = fraglen + 1; free(context->context_priv->fragment); context->context_priv->fragment = NULL; @@ -939,7 +939,7 @@ OtrlFragmentResult otrl_proto_fragment_accumulate(char **unfragmessagep, } } else if (n == context->context_priv->fragment_n && k == context->context_priv->fragment_k + 1) { - int fraglen = end - start - 1; + size_t fraglen = end - start - 1; char *newfrag = NULL; size_t newsize = context->context_priv->fragment_len + fraglen + 1; /* Check for overflow */ 
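Review bot: Moving `*encmessagep = NULL;` ahead of the state check in otrl_proto_create_data changes what callers see on the early error return, but the reason is not recorded next to it. A comment such as `/* Define the output before any return: callers may free(*encmessagep) even when we fail */` would keep the assignment from drifting back down. The `sendsmp` changes in message.c suggest at least one caller frees the result on failure, though that call is outside these hunks. The function's header comment, also outside the hunk, should likewise state that *encmessagep is NULL on error.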
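Review bot: Widening `datalen` and `reveallen` to `size_t` in otrl_proto_accept_data appears to be the integer-overflow fix named in the commit message, yet nothing at the declaration says so, and a later cleanup could narrow them again. I would add `/* size_t, not unsigned int: arithmetic on these lengths must not wrap at 32 bits on 64-bit builds */` above the line; that the lengths come from the received message is presumed from the names, as the code that reads them is outside the hunk. Because the fix depends on the width of the type, an explicit upper-bound check at the point where the lengths are read would make it hold on 32-bit targets as well, which is worth confirming against the full function.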
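Review bot: `size_t fraglen = end - start - 1;` in the `k == 1` branch is still evaluated in `int` and only then converted (assuming `start` and `end` are ints; their declarations are outside the hunk), so it stays non-negative only because of the `start < end` test in the enclosing `if`. A short comment, `/* start < end is checked above, so this cannot be negative before the conversion */`, would tie the two together, and the identical line in the `k == fragment_k + 1` branch of the next hunk deserves it too. In this branch `newsize = fraglen + 1` has no overflow test while the other branch has one; that looks safe for an int-sized range but should be said in the comment.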
@@ -991,10 +991,10 @@ gcry_error_t otrl_proto_fragment_create(int mms, int fragment_count, char ***fragments, ConnContext *context, const char *message) { char *fragdata; - int fragdatalen = 0; + size_t fragdatalen = 0; int curfrag = 0; - int index = 0; - int msglen = strlen(message); + size_t index = 0; + size_t msglen = strlen(message); /* Should vary by number of msgs */ int headerlen = context->protocol_version == 3 ? 37 : 19; @@ -1014,7 +1014,7 @@ gcry_error_t otrl_proto_fragment_create(int mms, int fragment_count, int i; char *fragmentmsg; - if (msglen - index < mms - headerlen) { + if (msglen - index < (size_t)(mms - headerlen)) { fragdatalen = msglen - index; } else { fragdatalen = mms - headerlen; diff --git a/plugins/MirOTR/libotr/src/version.h b/plugins/MirOTR/libotr/src/version.h index ae2f7ff3dd..c7f990fb50 100644 --- a/plugins/MirOTR/libotr/src/version.h +++ b/plugins/MirOTR/libotr/src/version.h @@ -1,6 +1,6 @@ /* * Off-the-Record Messaging library - * Copyright (C) 2004-2014 Ian Goldberg, David Goulet, Rob Smits, + * Copyright (C) 2004-2016 Ian Goldberg, David Goulet, Rob Smits, * Chris Alexander, Willy Lew, Lisa Du, * Nikita Borisov * <otr@cypherpunks.ca> @@ -22,10 +22,10 @@ #ifndef __VERSION_H__ #define __VERSION_H__ -#define OTRL_VERSION "4.1.0" +#define OTRL_VERSION "4.1.1" #define OTRL_VERSION_MAJOR 4 #define OTRL_VERSION_MINOR 1 -#define OTRL_VERSION_SUB 0 +#define OTRL_VERSION_SUB 1 #endif |
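Review bot: The new cast in `msglen - index < (size_t)(mms - headerlen)` turns a negative difference into a very large unsigned value and a zero difference into a comparison that is never true, and no check that `mms > headerlen` is visible in either hunk of otrl_proto_fragment_create. With `mms < headerlen` the first branch always wins and the whole remainder goes into one fragment regardless of the size limit; with `mms == headerlen` the `else` branch assigns `fragdatalen = 0` and, if `index` advances by that amount, makes no progress. A guard before any allocation and before the loop (both start outside the hunk), `if (mms <= headerlen) return gcry_error(GPG_ERR_INV_VALUE);`, rejects that input. The `else` assignment `fragdatalen = mms - headerlen` also converts int to size_t implicitly and would read more clearly with the same cast once the guard is in place.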