[Pkg-privacy-commits] [libotr] 05/06: More carefully check for crazy short OTR auth messages.
Ximin Luo
infinity0 at moszumanska.debian.org
Sat Aug 22 12:46:08 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to tag release_3_2_1
in repository libotr.
commit d6ecf66a0c49ea690259f4a563e82a0671736d97
Author: Ian Goldberg <iang at cs.uwaterloo.ca>
Date: Tue Aug 14 08:31:53 2012 -0400
More carefully check for crazy short OTR auth messages.
Thanks to Ben Hawkes <hawkes at inertiawar.com> for the report.
---
ChangeLog | 6 ++++++
src/auth.c | 3 +++
2 files changed, 9 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 9073c67..71c8274 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-08-14
+
+ * src/auth.c: More carefully check for crazy short OTR auth
+ messages. Thanks to Ben Hawkes <hawkes at inertiawar.com> for the
+ report.
+
2012-07-27
* src/version.h: Update libotr version number to 3.2.1
diff --git a/src/auth.c b/src/auth.c
index a6752c3..c638eea 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -722,6 +722,7 @@ gcry_error_t otrl_auth_handle_key(OtrlAuthInfo *auth, const char *keymsg,
lenp = buflen;
/* Header */
+ require_len(3);
if (memcmp(bufp, "\x00\x02\x0a", 3)) goto invval;
bufp += 3; lenp -= 3;
@@ -818,6 +819,7 @@ gcry_error_t otrl_auth_handle_revealsig(OtrlAuthInfo *auth,
lenp = buflen;
/* Header */
+ require_len(3);
if (memcmp(bufp, "\x00\x02\x11", 3)) goto invval;
bufp += 3; lenp -= 3;
@@ -983,6 +985,7 @@ gcry_error_t otrl_auth_handle_signature(OtrlAuthInfo *auth,
bufp = buf;
lenp = buflen;
+ require_len(3);
/* Header */
if (memcmp(bufp, "\x00\x02\x12", 3)) goto invval;
bufp += 3; lenp -= 3;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/libotr.git
More information about the Pkg-privacy-commits
mailing list