Possible parsing issue in message.c
In message.c, it seems to assume that the first '?OTR|' occurence is at the same offset as the first '?OTR' occurence. Doesn't seem to raise any security issue though.
Proposed patch:
--- ../libotr-4.1.0/src/message.c 2015-01-17 21:10:15.244660449 +0100
+++ message.c 2015-01-18 18:47:09.342512374 +0100
@@ -987,7 +987,7 @@
otrtag = strstr(message, "?OTR");
if (otrtag) {
/* See if we have a V3 fragment */
- if (strstr(message, "?OTR|")) {
+ if (otrtag == strstr(message, "?OTR|")) {
/* Get the instance tag from fragment header*/
sscanf(otrtag, "?OTR|%x|%x,", &their_instance, &our_instance);
/* Ignore message if it is intended for a different instance */
(from redmine: created on 2015-01-26, closed on 2015-02-08)
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information