GitLab

In several places in proto.c, the sizes of portions of incoming messages
were stored in variables of type int or unsigned int instead of size_t.
If a message arrives with very large sizes (for example unsigned int
datalen = UINT_MAX), then constructions like malloc(datalen+1) will turn
into malloc(0), which on some architectures returns a non-NULL pointer,
but UINT_MAX bytes will get written to that pointer.

Ensure all calls to malloc or realloc cannot integer overflow like this.

Thanks to Markus Vervier of X41 D-Sec GmbH <markus.vervier@x41-dsec.de>
for the report.
Signed-off-by: Ian Goldberg <iang@cs.uwaterloo.ca>
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

How to handle v2 versus v3 messages for the Reveal Signature and
Signature messages was missing from the Protocol-v3.html document.

Thanks to Ola Bini <obini@thoughtworks.com> for the report.

Fixes #119
Signed-off-by: Ian Goldberg <iang@cs.uwaterloo.ca>

Clarify that instance tags and fragment numbers in the OTR fragment
format are allowed to have leading 0s.

Thanks to Ola Bini <obini@thoughtworks.com> for the report.

Fixes #107
Signed-off-by: Ian Goldberg <iang@cs.uwaterloo.ca>
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Thanks to Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com> for the report.
Signed-off-by: Ian Goldberg <iang@cs.uwaterloo.ca>
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

If err = otrl_proto_create_data(&mp, ...) returns an early error, then
mp may not have yet been set to NULL.  If the calling code *both*
(a) had not set mp to NULL to begin with, *and*
(b) calls free(mp) _outside_ of the test for if (!err),
then free(mp) will be freeing an uninitialized pointer.

So ensure every call to otrl_proto_create_data either initializes its mp
to NULL, or only frees mp if the call succeeds, or both.  There were two
places where neither was happening.  Other places, one or the other was
already happening.

Also, for extra precaution, set the message pointer in
otrl_proto_create_data() to NULL at the beginning.

Thanks to Nicolas Guigo <nicolas.guigo@nccgroup.trust> and
Ben Hawkes <hawkes@inertiawar.com> for the report.

Fixes #72

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Signed-off-by: Ian Goldberg <iang@cs.uwaterloo.ca>

Thanks to Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com> for
the report.

Fixes #76

Thanks to Hannes Mehnert <hannes@mehnert.org> and Nadim Kobeissi
<nadim@nadim.computer> for the reports.

Thanks to Adam Langley <agl@imperialviolet.org> and Hannes Mehnert
<hannes@mehnert.org> for the report.
Acked-by: Hannes Mehnert <hannes@mehnert.org>
Acked-by: David Goulet <dgoulet@ev0ke.net>

Fixes #61

Remove "sender_instance, receiver_instance," from description of v2
fragmentation and clarify that you can't fragment a fragment.  Thanks to
Hannes Mehnert <hannes@mehnert.org> for the report.

Thanks to Julien Voisin <julien.voisin@dustri.org> and David Goulet
<dgoulet@ev0ke.net> for the suite!

This is a completely new test suite that adds unit and regression tests.
Still not everything is covered but it's at 76.3% line coverage and
87.5% function coverage. See the current status here.

	https://coverage.otr.im/



In order to run the tests, simply type "make check" from the top
directory of the repository.

The test suite uses libtap and adds both a shell and C library located
in tests/utils/tap.

Note that this test suite is not related at all to the tests located in
the directory test_suite. Future work should be done to either merge
them or remove the old one.

Tested with libgcrypt 1.5.4 and 1.6.2.
Signed-off-by: Julien Voisin <julien.voisin@dustri.org>
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Signed-off-by: Ian Goldberg <iang@cs.uwaterloo.ca>

Fixes #8

* b64.c (otrl_base64_otr_encode): In case some future code path
tries to call otrl_base64_otr_encode with a buffer more than
3/4 the size of all addressable memory, return NULL rather than
causing an integer overflow and a heap overrun.  Thanks to
David Remahl <david@remahl.se> for the report.

* proto.c (otrl_proto_create_data): Tiny refactor to call
otrl_base64_otr_encode instead of duplicating the code here.

Fixes #64

Finalize the date in NEWS and README

Thanks to Fred Yontz <fred@ridersite.org> for the report.

This is mostly to be able to access it in the test suite following this
commit.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Signed-off-by: Ian Goldberg <iang@cs.uwaterloo.ca>

Ref:
https://lists.cypherpunks.ca/pipermail/otr-dev/2014-September/002199.html



Fixes #53
Reported-by: k007k <k007k@wp.pl>
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Signed-off-by: Ian Goldberg <iang@cs.uwaterloo.ca>

Fixes #38
Acked-by: Matthew D. Green <matthewdgreen@gmail.com>
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Signed-off-by: Ian Goldberg <iang@cs.uwaterloo.ca>

Fixes #30
Signed-off-by: marshal <info@startplaza.nu>
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Signed-off-by: Ian Goldberg <iang@cs.uwaterloo.ca>

Make sure we free the old messagep value if the fragment_and_send call
successfully sets it to a new value.

(Repairs a problem introduced in c87b3fe6

)

Fixes #25
Reported-by: b42 <b42@srck.net>
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
Signed-off-by: Ian Goldberg <iang@cs.uwaterloo.ca>

Acked-by: David Goulet <dgoulet@ev0ke.net>

Fixes #33

Using a convoluted while loop that changes the len variable is not
recommended.

Also, make the diff volatile so we are sure the compiler does not do
some unwanted optimization.
Acked-by: David Goulet <dgoulet@ev0ke.net>

Slightly tweaked by Ian Goldberg <ian@cypherpunks.ca>

Fixes #22

Related to #20 that submitted a wrong patch due to bad understanding
thus the reason of this commit.
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Fixes #20

Fixes #18

Acked-by: David Goulet <dgoulet@ev0ke.net>
Signed-off-by: Julien Voisin <julien.voisin@dustri.org>

The most important feature here is that the compilation is now silent
thus it's now much more easier to spot warnings/errors by the compiler.

To make it verbose, simply use "make V=1".

Fixes #11

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

This is to initialize automatically the repository with autoreconf.
It's the common name to use for that script (also used is "autogen.sh").

Update INSTALL file with bootstrap script

Fixes #10
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Fixes #9
Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Fixes #5
Acked-by: Nikita Borisov <me+otr.im@nikita.ca>
Acked-by: David Goulet <dgoulet@ev0ke.net>
Signed-off-by: Julien Voisin <julien.voisin@dustri.org>

Thanks to jvoisin <julien.voisin@dustri.org> for the suggestion.

Return 0 instead of crashing from otrl_proto_query_bestversion if passed
an illegal input.  Thanks to Conrad Hoffmann <ch@bitfehler.net> for the
report and the patch.