[Pkg-privacy-commits] [libotr] 08/20: Be stricter about parsing v3 fragments
Intrigeri
intrigeri at moszumanska.debian.org
Thu Mar 10 09:25:57 UTC 2016
This is an automated email from the git hooks/post-receive script.
intrigeri pushed a commit to annotated tag 4.1.1
in repository libotr.
commit 03e3cad9644a2c02f330944f1ea1c1ca873e76e9
Author: Ian Goldberg <iang at cs.uwaterloo.ca>
Date: Sun Feb 8 12:46:45 2015 +0000
Be stricter about parsing v3 fragments
Thanks to Jean-Philippe Aumasson <jeanphilippe.aumasson at gmail.com> for
the report.
Fixes #76
---
ChangeLog | 4 ++++
src/message.c | 7 +++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b056cfb..c0da98b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,10 @@
<hannes at mehnert.org> and Nadim Kobeissi <nadim at nadim.computer>
for the reports.
+ * src/message.c: Be stricter about parsing v3 fragments. Thanks
+ to Jean-Philippe Aumasson <jeanphilippe.aumasson at gmail.com> for
+ the report.
+
2014-12-18
* Protocol-v3.html: Remove "sender_instance, receiver_instance,"
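Review bot: The new ChangeLog entry repeats the commit subject ("Be stricter about parsing v3 fragments") without saying what the stricter rule is or mentioning the issue the commit message closes (#76). Consider stating that the "|" must now directly follow the first "?OTR" in the message, so a ChangeLog reader can tell which input is no longer treated as a v3 fragment.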
diff --git a/src/message.c b/src/message.c
index f17e5e1..150b6ad 100644
--- a/src/message.c
+++ b/src/message.c
@@ -986,8 +986,11 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
otrtag = strstr(message, "?OTR");
if (otrtag) {
- /* See if we have a V3 fragment */
- if (strstr(message, "?OTR|")) {
+ /* See if we have a V3 fragment. The '4' in the next line is
+ * strlen("?OTR"). otrtag[4] is the character immediately after
+ * the "?OTR", and is guaranteed to exist, because in the worst
+ * case, it is the NUL terminating 'message'. */
+ if (otrtag[4] == '|') {
/* Get the instance tag from fragment header*/
sscanf(otrtag, "?OTR|%x|%x,", &their_instance, &our_instance);
/* Ignore message if it is intended for a different instance */
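Review bot: The `sscanf(otrtag, "?OTR|%x|%x,", &their_instance, &our_instance);` call directly under the new `otrtag[4] == '|'` test still discards its return value, so a message that begins "?OTR|" but lacks two hex fields leaves one or both instance variables at whatever they held before the call, and the "intended for a different instance" check then runs on those values. Since this change is about strict fragment parsing, consider requiring the call to return 2 and handling anything else as a malformed fragment. Minor style point: the added comment explains the literal 4 clearly, but `sizeof("?OTR") - 1` or a named constant would keep the index and the tag string from drifting apart.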
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/libotr.git