[Pkg-privacy-commits] [libotr] 146/225: Imported Debian patch 3.2.0-2.1

Ximin Luo infinity0 at moszumanska.debian.org
Sat Aug 22 12:45:18 UTC 2015 

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository libotr.

commit d1c04240c1cd4d9d8e30b9cbdf9818156ac6882e
Author: Andreas Metzler <ametzler at debian.org>
Date:   Sat Jun 18 14:39:28 2011 +0200

    Imported Debian patch 3.2.0-2.1
---
 debian/changelog | 10 +++++-----
 debian/rules     |  2 ++
 src/b64.c        | 16 +++++-----------
 src/b64.h        | 18 ++----------------
 src/proto.c      | 16 ++++------------
 toolkit/parse.c  |  9 +++------
 6 files changed, 21 insertions(+), 50 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index b7c31f0..48aa5f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,10 @@
-libotr (3.2.0-2+squeeze1) stable-security; urgency=high
+libotr (3.2.0-2.1) unstable; urgency=low
 
-  * Non-maintainer upload by the Security Team.
-  * Fix potential buffer overflows in base64 handling
-    (CVE-2012-3461; Closes: #684121).
+  * Non-maintainer upload.
+  * Empty dependency_libs in libtool la file(s).
+    http://wiki.debian.org/ReleaseGoals/LAFileRemoval Closes: #619674
 
- -- Nico Golde <nion at debian.org>  Sun, 12 Aug 2012 11:39:08 +0000
+ -- Andreas Metzler <ametzler at debian.org>  Sat, 18 Jun 2011 14:39:28 +0200
 
 libotr (3.2.0-2) unstable; urgency=low
 
diff --git a/debian/rules b/debian/rules
index 9e23f25..595b1a4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -62,6 +62,8 @@ install: build
 
 	# Add here commands to install the package
 	$(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
+	find $(CURDIR)/debian/tmp/usr/lib -name "*.la" -exec \
+		sed -i -e "s,^dependency_libs=.*,dependency_libs=''," {} +
 
 
 # Build architecture-independent files here.
diff --git a/src/b64.c b/src/b64.c
index 9e35251..b8736da 100644
--- a/src/b64.c
+++ b/src/b64.c
@@ -55,7 +55,7 @@ VERSION HISTORY:
 \******************************************************************* */
 
 /* system headers */
-#include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 
 /* libotr headers */
@@ -147,9 +147,8 @@ static size_t decode(unsigned char *out, const char *in, size_t b64len)
  * base64 decode data.  Skip non-base64 chars, and terminate at the
  * first '=', or the end of the buffer.
  *
- * The buffer data must contain at least ((base64len+3) / 4) * 3 bytes
- * of space.  This function will return the number of bytes actually
- * used.
+ * The buffer data must contain at least (base64len / 4) * 3 bytes of
+ * space.  This function will return the number of bytes actually used.
  */
 size_t otrl_base64_decode(unsigned char *data, const char *base64data,
 	size_t base64len)
@@ -235,18 +234,13 @@ int otrl_base64_otr_decode(const char *msg, unsigned char **bufp,
 	return -2;
     }
 
-    /* Skip over the "?OTR:" */
-    otrtag += 5;
-    msglen -= 5;
-
     /* Base64-decode the message */
-    rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen);   /* maximum possible */
+    rawlen = ((msglen-5) / 4) * 3;   /* maximum possible */
     rawmsg = malloc(rawlen);
     if (!rawmsg && rawlen > 0) {
 	return -1;
     }
-
-    rawlen = otrl_base64_decode(rawmsg, otrtag, msglen);  /* actual size */
+    rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5);  /* actual size */
 
     *bufp = rawmsg;
     *lenp = rawlen;
diff --git a/src/b64.h b/src/b64.h
index dd0e115..34ef03f 100644
--- a/src/b64.h
+++ b/src/b64.h
@@ -20,19 +20,6 @@
 #ifndef __B64_H__
 #define __B64_H__
 
-#include <stdlib.h>
-
-/* Base64 encodes blocks of this many bytes: */
-#define OTRL_B64_DECODED_LEN 3
-/* into blocks of this many bytes: */
-#define OTRL_B64_ENCODED_LEN 4
-
-/* An encoded block of length encoded_len can turn into a maximum of
- * this many decoded bytes: */
-#define OTRL_B64_MAX_DECODED_SIZE(encoded_len) \
-    (((encoded_len + OTRL_B64_ENCODED_LEN - 1) / OTRL_B64_ENCODED_LEN) \
-	* OTRL_B64_DECODED_LEN)
-
 /*
  * base64 encode data.  Insert no linebreaks or whitespace.
  *
@@ -46,9 +33,8 @@ size_t otrl_base64_encode(char *base64data, const unsigned char *data,
  * base64 decode data.  Skip non-base64 chars, and terminate at the
  * first '=', or the end of the buffer.
  *
- * The buffer data must contain at least ((base64len+3) / 4) * 3 bytes
- * of space.  This function will return the number of bytes actually
- * used.
+ * The buffer data must contain at least (base64len / 4) * 3 bytes of
+ * space.  This function will return the number of bytes actually used.
  */
 size_t otrl_base64_decode(unsigned char *data, const char *base64data,
 	size_t base64len);
diff --git a/src/proto.c b/src/proto.c
index 0374dfe..3f8c987 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -537,17 +537,13 @@ gcry_error_t otrl_proto_data_read_flags(const char *datamsg,
 	msglen = strlen(otrtag);
     }
 
-    /* Skip over the "?OTR:" */
-    otrtag += 5;
-    msglen -= 5;
-
     /* Base64-decode the message */
-    rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen);   /* maximum possible */
+    rawlen = ((msglen-5) / 4) * 3;   /* maximum possible */
     rawmsg = malloc(rawlen);
     if (!rawmsg && rawlen > 0) {
 	return gcry_error(GPG_ERR_ENOMEM);
     }
-    rawlen = otrl_base64_decode(rawmsg, otrtag, msglen);  /* actual size */
+    rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5);  /* actual size */
 
     bufp = rawmsg;
     lenp = rawlen;
@@ -610,18 +606,14 @@ gcry_error_t otrl_proto_accept_data(char **plaintextp, OtrlTLV **tlvsp,
 	msglen = strlen(otrtag);
     }
 
-    /* Skip over the "?OTR:" */
-    otrtag += 5;
-    msglen -= 5;
-
     /* Base64-decode the message */
-    rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen);   /* maximum possible */
+    rawlen = ((msglen-5) / 4) * 3;   /* maximum possible */
     rawmsg = malloc(rawlen);
     if (!rawmsg && rawlen > 0) {
 	err = gcry_error(GPG_ERR_ENOMEM);
 	goto err;
     }
-    rawlen = otrl_base64_decode(rawmsg, otrtag, msglen);  /* actual size */
+    rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5);  /* actual size */
 
     bufp = rawmsg;
     lenp = rawlen;
diff --git a/toolkit/parse.c b/toolkit/parse.c
index 16718ca..5f357fc 100644
--- a/toolkit/parse.c
+++ b/toolkit/parse.c
@@ -64,8 +64,7 @@ static unsigned char *decode(const char *msg, size_t *lenp)
 {
     const char *header, *footer;
     unsigned char *raw;
-    size_t rawlen;
-
+	
     /* Find the header */
     header = strstr(msg, "?OTR:");
     if (!header) return NULL;
@@ -76,10 +75,8 @@ static unsigned char *decode(const char *msg, size_t *lenp)
     footer = strchr(header, '.');
     if (!footer) footer = header + strlen(header);
 
-    rawlen = OTRL_B64_MAX_DECODED_SIZE(footer-header);
-
-    raw = malloc(rawlen);
-    if (raw == NULL && rawlen > 0) return NULL;
+    raw = malloc((footer-header) / 4 * 3);
+    if (raw == NULL && (footer-header >= 4)) return NULL;
     *lenp = otrl_base64_decode(raw, header, footer-header);
 
     return raw;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/libotr.git

More information about the Pkg-privacy-commits mailing list