Commit 03e3cad9 authored by Ian Goldberg

Be stricter about parsing v3 fragments

Thanks to Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com> for
the report.

Fixes #76
parent 46b189c2
......@@ -4,6 +4,10 @@
<hannes@mehnert.org> and Nadim Kobeissi <nadim@nadim.computer>
for the reports.
* src/message.c: Be stricter about parsing v3 fragments. Thanks
to Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com> for
the report.
2014-12-18
* Protocol-v3.html: Remove "sender_instance, receiver_instance,"
......
......@@ -986,8 +986,11 @@ int otrl_message_receiving(OtrlUserState us, const OtrlMessageAppOps *ops,
otrtag = strstr(message, "?OTR");
if (otrtag) {
/* See if we have a V3 fragment */
if (strstr(message, "?OTR|")) {
/* See if we have a V3 fragment. The '4' in the next line is
* strlen("?OTR"). otrtag[4] is the character immediately after
* the "?OTR", and is guaranteed to exist, because in the worst
* case, it is the NUL terminating 'message'. */
if (otrtag[4] == '|') {
/* Get the instance tag from fragment header*/
sscanf(otrtag, "?OTR|%x|%x,", &their_instance, &our_instance);
/* Ignore message if it is intended for a different instance */
......
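Review bot: the sscanf call directly after the new otrtag[4] == '|' test still discards its return value, so a header that begins "?OTR|" but carries no valid hex fields passes the check without assigning their_instance or our_instance. The instance comparison that follows then runs on whatever those variables held before (their initialisation is not visible in this hunk). Suggest checking that sscanf returns 2 and treating any other result as a malformed fragment to be ignored. The reasoning in the new comment for reading otrtag[4] holds: strstr returned a pointer to a complete "?OTR" match, so index 4 is at worst the terminating NUL.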