Possible parsing issue in message.c
In message.c, it seems to assume that the first '?OTR|' occurrence is at the same offset as the first '?OTR' occurrence. Doesn't seem to raise any security issue though.
Proposed patch:
--- ../libotr-4.1.0/src/message.c 2015-01-17 21:10:15.244660449 +0100 +++ message.c 2015-01-18 18:47:09.342512374 +0100 @@ -987,7 +987,7 @@ otrtag = strstr(message, "?OTR"); if (otrtag) { /* See if we have a V3 fragment */ - if (strstr(message, "?OTR|")) { + if (otrtag == strstr(message, "?OTR|")) { /* Get the instance tag from fragment header*/ sscanf(otrtag, "?OTR|%x|%x,", &their_instance, &our_instance); /* Ignore message if it is intended for a different instance */
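Review bot: the pointer-equality condition `otrtag == strstr(message, "?OTR|")` is correct (since every "?OTR|" also starts with "?OTR", the two strstr results coincide exactly when the first tag is itself a V3 fragment header), but it scans the message a second time; `strncmp(otrtag, "?OTR|", 5) == 0` expresses the same intent in one pass over the tag. Independently of the condition, the `sscanf(otrtag, "?OTR|%x|%x,", &their_instance, &our_instance)` call on the next line does not check its return value, so a tag that passes the check but does not parse leaves both instance tags unassigned before the "ignore message if it is intended for a different instance" comparison; testing for `== 2` there would make the fix robust against malformed headers as well as misplaced ones.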
(from redmine: created on 2015-01-26, closed on 2015-02-08)
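The mismatch described in the report, as an added example that is not libotr's code: a hypothetical `parse_fragment_header` mirrors the logic around the patched line, with a flag selecting the original or the patched condition, and also checks the sscanf result. The sample messages are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not libotr code. otrtag is the first "?OTR" in the message;
 * the question is whether that tag is a V3 fragment header "?OTR|their|our,". */
enum { NOT_A_FRAGMENT = 0, FRAGMENT = 1, HEADER_MISMATCH = -1 };

static int parse_fragment_header(const char *message, int use_fixed_check,
                                 unsigned int *their_instance,
                                 unsigned int *our_instance)
{
    const char *otrtag = strstr(message, "?OTR");
    const char *v3tag = strstr(message, "?OTR|");

    if (!otrtag)
        return NOT_A_FRAGMENT;
    /* Original condition: any "?OTR|" anywhere in the message.
     * Patched condition: the first "?OTR" itself starts the V3 header. */
    if (use_fixed_check ? (otrtag != v3tag) : (v3tag == NULL))
        return NOT_A_FRAGMENT;
    /* The original code ignores sscanf's result; checking it here means a
     * header that does not parse leaves the instance tags untouched. */
    if (sscanf(otrtag, "?OTR|%x|%x,", their_instance, our_instance) != 2)
        return HEADER_MISMATCH;
    return FRAGMENT;
}

/* Wrappers so a caller does not need scratch variables. */
int classify(const char *message, int use_fixed_check)
{
    unsigned int their = 0, our = 0;
    return parse_fragment_header(message, use_fixed_check, &their, &our);
}

unsigned int their_instance_of(const char *message)
{
    unsigned int their = 0, our = 0;
    (void)parse_fragment_header(message, 1, &their, &our);
    return their;
}

/* Constructed samples: a non-fragment "?OTR:" message whose body happens to
 * contain a "?OTR|" header later on, and a genuine V3 fragment. */
static const char *const MIXED = "?OTR:AAMC hello ?OTR|12345678|87654321,00001,00002,x.";
static const char *const FRAG  = "?OTR|deadbeef|cafebabe,00001,00003,abc,";

int main(void)
{
    printf("old check on MIXED: %d (HEADER_MISMATCH)\n", classify(MIXED, 0));
    printf("new check on MIXED: %d (NOT_A_FRAGMENT)\n", classify(MIXED, 1));
    printf("new check on FRAG:  %d their=%x\n", classify(FRAG, 1), their_instance_of(FRAG));
    return 0;
}
```

With the original condition the mixed message is treated as a fragment and the sscanf on the "?OTR:" tag fails, which is the situation the patch removes.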