From 37a22955a1b614c0b112ae5dee30ce1f6c80da77 Mon Sep 17 00:00:00 2001
From: Vadim Dashevskiy
Date: Fri, 11 Mar 2016 10:15:52 +0000
Subject: compilation fix

git-svn-id: http://svn.miranda-ng.org/main/trunk@16455 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c
---
 plugins/MirOTR/libotr/read/ChangeLog | 60 +++++++++++++++++++++++++++++
 plugins/MirOTR/libotr/read/NEWS | 11 ++++++
 plugins/MirOTR/libotr/read/Protocol-v3.html | 11 ++++--
 plugins/MirOTR/libotr/read/README | 4 +-
 plugins/MirOTR/libotr/src/instag.c | 7 ++--
 plugins/MirOTR/libotr/src/message.c | 3 +-
 6 files changed, 87 insertions(+), 9 deletions(-)
(limited to 'plugins/MirOTR/libotr')

diff --git a/plugins/MirOTR/libotr/read/ChangeLog b/plugins/MirOTR/libotr/read/ChangeLog
index c0da98b1d3..35752b00bc 100644
--- a/plugins/MirOTR/libotr/read/ChangeLog
+++ b/plugins/MirOTR/libotr/read/ChangeLog
@@ -1,3 +1,63 @@
+2016-03-07
+
+ * tests/regression/client/Makefile.am:
+ * tests/unit/Makefile.am: Add LIBGCRYPT_CFLAGS to the test suite
+
+ * Makefile.am:
+ * configure.ac: Only build the test suite on Linux, since it
+ currently uses Linux-specific features such as epoll
+
+2016-03-06
+
+ * Makefile.am: Add bootstrap to the tarball
+
+2016-03-04
+
+ * README:
+ * configure.ac:
+ * src/version.h: Bump version number to 4.1.1
+
+2016-03-03
+
+ * src/proto.c (otrl_proto_accept_data):
+ * src/proto.c (otrl_proto_fragment_accumulate):
+ * src/proto.c (otrl_proto_fragment_create): Prevent integer
+ overflow on 64-bit architectures when receiving 4GB messages.
+ In several places in proto.c, the sizes of portions of incoming
+ messages were stored in variables of type int or unsigned int
+ instead of size_t. If a message arrives with very large
+ sizes (for example unsigned int datalen = UINT_MAX), then
+ constructions like malloc(datalen+1) will turn into malloc(0),
+ which on some architectures returns a non-NULL pointer, but
+ UINT_MAX bytes will get written to that pointer. Ensure all
+ calls to malloc or realloc cannot integer overflow like this.
+ Thanks to Markus Vervier of X41 D-Sec GmbH
+ for the report.
+
+ * Protocol-v3.html: Clarify that instance tags and fragment
+ numbers in the OTR fragment format are allowed to have leading
+ 0s. Also fix that how to handle v2 versus v3 messages for the
+ Reveal Signature and Signature messages was missing. Thanks to
+ Ola Bini for the report.
+
+2015-12-25
+
+ * src/instag.c (otrl_instag_read_FILEp): Fix memory leak in
+ otrl_instag_read_FILEp if the tag file is malformed. Thanks to
+ Jean-Philippe Aumasson for the
+ report.
+
+2015-08-18
+
+ * src/message.c (otrl_message_receiving):
+ * src/proto.c (otrl_proto_create_data): Set to NULL the sendsmp
+ pointer when handling SMP to avoid a potential free() of an
+ uninitialized pointer. Also ensure the message pointer is set
+ to NULL in otrl_proto_create_data for extra precaution and to
+ prevent future code paths from having the same error. Thanks to
+ Nicolas Guigo and Ben Hawkes
+ for the report.
+
 2015-02-08
 
  * Protocol-v3.html: Typo fixes, thanks to Hannes Mehnert
diff --git a/plugins/MirOTR/libotr/read/NEWS b/plugins/MirOTR/libotr/read/NEWS
index c88ebf10fa..1be74666e3 100644
--- a/plugins/MirOTR/libotr/read/NEWS
+++ b/plugins/MirOTR/libotr/read/NEWS
@@ -1,3 +1,14 @@
+9 Mar 2016:
+- Release 4.1.1
+- Fix an integer overflow bug that can cause a heap buffer overflow (and
+ from there remote code execution) on 64-bit platforms
+- Fix possible free() of an uninitialized pointer
+- Be stricter about parsing v3 fragments
+- Add a testsuite ("make check" to run it), but only on Linux for now,
+ since it uses Linux-specific features such as epoll
+- Fix a memory leak when reading a malformed instance tag file
+- Protocol documentation clarifications
+
 21 Oct 2014:
 - Release 4.1.0
 - Modernized autoconf build system
diff --git a/plugins/MirOTR/libotr/read/Protocol-v3.html b/plugins/MirOTR/libotr/read/Protocol-v3.html
index 99c376b98b..49b2edbabc 100644
--- a/plugins/MirOTR/libotr/read/Protocol-v3.html
+++ b/plugins/MirOTR/libotr/read/Protocol-v3.html
@@ -1280,7 +1280,8 @@ fragmentation on outgoing messages is optional.

  • Note that k and n are unsigned short ints (2 bytes), and each has a maximum value of 65535. Also, each piece[k] must be - non-empty.
  • + non-empty. The instance tags (if applicable) and the k and n + values may have leading zeroes.

    Note that fragments are not themselves messages that can be fragmented: you can't fragment a fragment.

    @@ -1610,7 +1611,9 @@ AUTHSTATE_V1_SETUP:
    Ignore the message.

    Receiving a Reveal Signature Message

    -

    If ALLOW_V2 is not set, ignore this message. Otherwise:

    +

    If the message is version 2 and ALLOW_V2 is not set, ignore this message. +Similarly if the message is version 3 and ALLOW_V3 is not set, ignore the +message. Otherwise:

    If authstate is AUTHSTATE_AWAITING_REVEALSIG:
    Use the received value of r to decrypt the value of gx @@ -1630,7 +1633,9 @@ AUTHSTATE_AWAITING_SIG, or AUTHSTATE_V1_SETUP:
    Ignore the message.

    Receiving a Signature Message

    -

    If ALLOW_V2 is not set, ignore this message. Otherwise:

    +

    If the message is version 2 and ALLOW_V2 is not set, ignore this message. +Similarly if the message is version 3 and ALLOW_V3 is not set, ignore the +message. Otherwise:

    If authstate is AUTHSTATE_AWAITING_SIG:
    Decrypt the encrypted signature, and verify the signature and the MACs. diff --git a/plugins/MirOTR/libotr/read/README b/plugins/MirOTR/libotr/read/README index 1dd7268291..aa34e08e4f 100644 --- a/plugins/MirOTR/libotr/read/README +++ b/plugins/MirOTR/libotr/read/README @@ -1,5 +1,5 @@ Off-the-Record Messaging Library and Toolkit - v4.1.0, 21 Oct 2014 + v4.1.1, 9 Mar 2016 This is a library and toolkit which implements Off-the-Record (OTR) Messaging. @@ -309,7 +309,7 @@ The Off-the-Record Messaging library (in the src directory) is covered by the following (LGPL) license: Off-the-Record Messaging library - Copyright (C) 2004-2014 Ian Goldberg, David Goulet, Rob Smits, + Copyright (C) 2004-2016 Ian Goldberg, David Goulet, Rob Smits, Chris Alexander, Willy Lew, Lisa Du, Nikita Borisov diff --git a/plugins/MirOTR/libotr/src/instag.c b/plugins/MirOTR/libotr/src/instag.c index cccd94fb6c..5538158f7c 100644 --- a/plugins/MirOTR/libotr/src/instag.c +++ b/plugins/MirOTR/libotr/src/instag.c @@ -90,12 +90,13 @@ gcry_error_t otrl_instag_read(OtrlUserState us, const char *filename) * OtrlUserState. The FILE* must be open for reading. */ gcry_error_t otrl_instag_read_FILEp(OtrlUserState us, FILE *instf) { - if (!instf) return gcry_error(GPG_ERR_NO_ERROR); - - OtrlInsTag *p; + + OtrlInsTag *p; char storeline[1000]; size_t maxsize = sizeof(storeline); + if (!instf) return gcry_error(GPG_ERR_NO_ERROR); + while(fgets(storeline, maxsize, instf)) { char *prevpos; char *pos; diff --git a/plugins/MirOTR/libotr/src/message.c b/plugins/MirOTR/libotr/src/message.c index c44ce7b8fc..6cc8165c27 100644 --- a/plugins/MirOTR/libotr/src/message.c +++ b/plugins/MirOTR/libotr/src/message.c 
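Review bot: The new side of the instag.c hunk leaves an empty line directly after the opening brace `{` and before `OtrlInsTag *p;`; nothing else in this function is laid out that way, so drop it so the prologue reads `{` / `    OtrlInsTag *p;` / `    char storeline[1000];`. Moving the `if (!instf)` early return below the declarations is what makes the function compile as C89 (the "compilation fix" in the title), and that part is correct since `storeline` and `maxsize` do not depend on `instf`. The ChangeLog in this same commit records a memory-leak fix for a malformed tag file in otrl_instag_read_FILEp, but this hunk covers only the prologue and presumably that fix sits in the fgets loop body, which continues past the end of the hunk — worth confirming it is present in the new file. otrl_instag_read_FILEp's body runs outside the hunk.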
@@ -467,9 +467,10 @@ static gcry_error_t send_or_error_auth(const OtrlMessageAppOps *ops,
 if (!err) {
 const char *msg = context->auth.lastauthmsg;
 if (msg && *msg) {
+ time_t now;
 fragment_and_send(ops, opdata, context, msg,
 OTRL_FRAGMENT_SEND_ALL, NULL);
- time_t now = time(NULL);
+ now = time(NULL);
 /* Update the "last sent" fields, unless this is a version 3
 * message typing to update the master context (as happens
 * when sending a v3 COMMIT message, for example). */
-- cgit v1.2.3