[Pkg-privacy-commits] [libotr] 107/225: Don't do the "check which key is bigger" dance with the master context

Ximin Luo infinity0 at moszumanska.debian.org
Sat Aug 22 12:45:06 UTC 2015 

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository libotr.

commit a7dc24c2f611392adc24cf360504b45dc2f88c65
Author: Ian Goldberg <iang at cs.uwaterloo.ca>
Date:   Sat Aug 25 14:39:36 2012 -0400

    Don't do the "check which key is bigger" dance with the master context
    
    If we receive a COMMIT message after sending our own COMMIT, it used to
    be the case that this was a simultaneous attempt to start OTR from each
    side.  Now it's much more likely that one side sent its COMMIT some time
    in the past, but it stuck around in the master context, just in case
    some other logged in instance of the buddy is still going to respond
    with a DHKEY message.  So if we now receive a COMMIT *to* the master
    context, ignore the old COMMIT we sent, and always use the received one
    to start a new SIGMA protocol.
---
 src/auth.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/auth.c b/src/auth.c
index 5021675..09b0408 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -298,6 +298,9 @@ gcry_error_t otrl_auth_handle_commit(OtrlAuthInfo *auth,
     size_t buflen, lenp, enclen, hashlen;
     int res;
 
+    /* Are we the auth for the master context? */
+    int is_master = (auth->context->m_context == auth->context);
+
     res = otrl_base64_otr_decode(commitmsg, &buf, &buflen);
     if (res == -1) goto memerr;
     if (res == -2) goto invval;
@@ -358,8 +361,13 @@ gcry_error_t otrl_auth_handle_commit(OtrlAuthInfo *auth,
 
 	case OTRL_AUTHSTATE_AWAITING_DHKEY:
 	    /* We sent a D-H Commit Message, and we also received one
-	     * back.  Compare the hashgx values to see which one wins. */
-	    if (memcmp(auth->hashgx, hashbuf, 32) > 0) {
+	     * back.  If we're the master context, then the keypair in here
+	     * is probably stale; we just kept it around for a little
+	     * while in case some other logged in instance of our buddy
+	     * replied with a DHKEY message.  In that case, use the
+	     * incoming parameters.  Otherwise, compare the hashgx
+	     * values to see which one wins. */
+	    if (!is_master && memcmp(auth->hashgx, hashbuf, 32) > 0) {
 		/* Ours wins.  Ignore the message we received, and just
 		 * resend the same D-H Commit message again. */
 		free(encbuf);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/libotr.git

More information about the Pkg-privacy-commits mailing list