authorTobias Weimer <wishmaster51@googlemail.com>2016-03-10 18:50:25 +0000
committerTobias Weimer <wishmaster51@googlemail.com>2016-03-10 18:50:25 +0000
commit233d4da0d94f0fddd54182426f5abef7eb2a25f7 (patch)
treee4f7ee131c74164e4f81851dfa56bf42f8ed1efd /plugins/MirOTR/libotr/src/proto.c
parent556378c60ee53dd36c828976e51664b6d61736f0 (diff)
MirOTR: Updated lobotr to version 4.1.1 (fixes #1208)
-Fix an integer overflow bug that can cause a heap buffer overflow (and from there remote code execution) on 64-bit platforms -Fix possible free() of an uninitialized pointer -Be stricter about parsing v3 fragments -Add a testsuite ("make check" to run it), but only on Linux for now, since it uses Linux-specific features such as epoll -Fix a memory leak when reading a malformed instance tag file -Protocol documentation clarifications git-svn-id: http://svn.miranda-ng.org/main/trunk@16454 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c
Diffstat (limited to 'plugins/MirOTR/libotr/src/proto.c')
-rw-r--r--plugins/MirOTR/libotr/src/proto.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/plugins/MirOTR/libotr/src/proto.c b/plugins/MirOTR/libotr/src/proto.c
index 22e50ebb20..898ace5db7 100644
--- a/plugins/MirOTR/libotr/src/proto.c
+++ b/plugins/MirOTR/libotr/src/proto.c
@@ -1,6 +1,6 @@
/*
* Off-the-Record Messaging library
- * Copyright (C) 2004-2014 Ian Goldberg, David Goulet, Rob Smits,
+ * Copyright (C) 2004-2016 Ian Goldberg, David Goulet, Rob Smits,
* Chris Alexander, Willy Lew, Lisa Du,
* Nikita Borisov
* <otr@cypherpunks.ca>
@@ -498,6 +498,8 @@ gcry_error_t otrl_proto_create_data(char **encmessagep, ConnContext *context,
char *msgdup;
int version = context->protocol_version;
+ *encmessagep = NULL;
+
/* Make sure we're actually supposed to be able to encrypt */
if (context->msgstate != OTRL_MSGSTATE_ENCRYPTED ||
context->context_priv->their_keyid == 0) {
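Review bot: The moved `*encmessagep = NULL;` has no comment saying why it must come before the first check, so a later tidy-up could move it back below the early returns. The not-encrypted branch that follows returns before the assignment's old position, which is presumably the path that left the caller's pointer uninitialised. I would add `/* Set the out-parameter before any early return; callers may free() it on error. */` above the assignment. The body of otrl_proto_create_data starts and ends outside this hunk.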
@@ -512,8 +514,6 @@ gcry_error_t otrl_proto_create_data(char **encmessagep, ConnContext *context,
}
strcpy(msgdup, msg);
- *encmessagep = NULL;
-
/* Header, msg flags, send keyid, recv keyid, counter, msg len, msg
* len of revealed mac keys, revealed mac keys, MAC */
buflen = OTRL_HEADER_LEN + (version == 3 ? 8 : 0)
@@ -717,7 +717,7 @@ gcry_error_t otrl_proto_accept_data(char **plaintextp, OtrlTLV **tlvsp,
unsigned int sender_keyid, recipient_keyid;
gcry_mpi_t sender_next_y = NULL;
unsigned char ctr[8];
- unsigned int datalen, reveallen;
+ size_t datalen, reveallen;
unsigned char *data = NULL;
unsigned char *nul = NULL;
unsigned char givenmac[20];
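Review bot: Widening `datalen` and `reveallen` to `size_t` only removes the wrap-around where `size_t` is wider than 32 bits. On a 32-bit build the old and new types have the same width, so any length-plus-constant arithmetic on them can still wrap. The code that reads these lengths from the message and sizes buffers from them is outside this hunk, so I cannot confirm that every use is preceded by a check against the bytes remaining in the input. A comment on the declaration would record the intent, for example `/* size_t: lengths are read from the wire and feed allocation sizes; must not wrap */`, and the checks at the use sites are worth verifying for 32-bit targets.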
@@ -918,7 +918,7 @@ OtrlFragmentResult otrl_proto_fragment_accumulate(char **unfragmessagep,
if (k > 0 && n > 0 && k <= n && start > 0 && end > 0 && start < end) {
if (k == 1) {
- int fraglen = end - start - 1;
+ size_t fraglen = end - start - 1;
size_t newsize = fraglen + 1;
free(context->context_priv->fragment);
context->context_priv->fragment = NULL;
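Review bot: `size_t fraglen = end - start - 1;` still does the subtraction in the type of `start` and `end` (presumably `int`, their declarations are outside the hunk) and converts only afterwards. The value is therefore non-negative only because of the `start < end` test on the enclosing `if`. Making that dependency explicit would guard against a later edit to the condition turning a negative difference into a huge length: `size_t fraglen = (size_t)(end - start - 1); /* >= 0: start < end checked above */`. The same applies to the second `fraglen` in the `k == fragment_k + 1` branch of the next hunk, where the guarding `if` is not visible.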
@@ -939,7 +939,7 @@ OtrlFragmentResult otrl_proto_fragment_accumulate(char **unfragmessagep,
}
} else if (n == context->context_priv->fragment_n &&
k == context->context_priv->fragment_k + 1) {
- int fraglen = end - start - 1;
+ size_t fraglen = end - start - 1;
char *newfrag = NULL;
size_t newsize = context->context_priv->fragment_len + fraglen + 1;
/* Check for overflow */
@@ -991,10 +991,10 @@ gcry_error_t otrl_proto_fragment_create(int mms, int fragment_count,
char ***fragments, ConnContext *context, const char *message)
{
char *fragdata;
- int fragdatalen = 0;
+ size_t fragdatalen = 0;
int curfrag = 0;
- int index = 0;
- int msglen = strlen(message);
+ size_t index = 0;
+ size_t msglen = strlen(message);
/* Should vary by number of msgs */
int headerlen = context->protocol_version == 3 ? 37 : 19;
@@ -1014,7 +1014,7 @@ gcry_error_t otrl_proto_fragment_create(int mms, int fragment_count,
int i;
char *fragmentmsg;
- if (msglen - index < mms - headerlen) {
+ if (msglen - index < (size_t)(mms - headerlen)) {
fragdatalen = msglen - index;
} else {
fragdatalen = mms - headerlen;
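Review bot: The cast in `(size_t)(mms - headerlen)` turns a negative difference into a very large value and leaves a zero difference as zero, and no check that `mms > headerlen` is visible in this hunk or in the declarations hunk before it. With a negative difference the comparison always takes the first branch and puts the rest of the message into one fragment regardless of `mms`. With a zero difference the `else` branch assigns a `fragdatalen` of 0. Unless every caller already guarantees the precondition, I would reject it before the loop with `if (mms <= headerlen) return gcry_error(GPG_ERR_INV_VALUE);`. The loop body continues outside this hunk, so how `fragdatalen` is used afterwards cannot be checked from here.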