1. 07 Mar, 2016 2 commits
  2. 06 Mar, 2016 2 commits
  3. 05 Mar, 2016 4 commits
  4. 03 Mar, 2016 3 commits
  5. 25 Dec, 2015 1 commit
    • David Goulet's avatar
      Fix: set to NULL the sendsmp pointer when handling SMP · 70d1df0d
      David Goulet authored
      If err = otrl_proto_create_data(&mp, ...) returns an early error, then
      mp may not have yet been set to NULL.  If the calling code *both*
      (a) had not set mp to NULL to begin with, *and*
      (b) calls free(mp) _outside_ of the test for if (!err),
      then free(mp) will be freeing an uninitialized pointer.
      
      So ensure every call to otrl_proto_create_data either initializes its mp
      to NULL, or only frees mp if the call succeeds, or both.  There were two
      places where neither was happening.  Other places, one or the other was
      already happening.
      
      Also, for extra precaution, set the message pointer in
      otrl_proto_create_data() to NULL at the beginning.
      
      Thanks to Nicolas Guigo <nicolas.guigo@nccgroup.trust> and
      Ben Hawkes <hawkes@inertiawar.com> for the report.
      
      Fixes #72Signed-off-by: default avatarDavid Goulet <dgoulet@ev0ke.net>
      Signed-off-by: default avatarIan Goldberg <iang@cs.uwaterloo.ca>
      70d1df0d
  6. 08 Feb, 2015 2 commits
  7. 18 Dec, 2014 3 commits
  8. 29 Nov, 2014 2 commits
  9. 14 Nov, 2014 1 commit
    • Ian Goldberg's avatar
      Guard against a potential integer overflow in future code paths · 187a09ac
      Ian Goldberg authored
      * b64.c (otrl_base64_otr_encode): In case some future code path
      tries to call otrl_base64_otr_encode with a buffer more than
      3/4 the size of all addressable memory, return NULL rather than
      causing an integer overflow and a heap overrun.  Thanks to
      David Remahl <david@remahl.se> for the report.
      
      * proto.c (otrl_proto_create_data): Tiny refactor to call
      otrl_base64_otr_encode instead of duplicating the code here.
      
      Fixes #64
      187a09ac
  10. 21 Oct, 2014 2 commits
  11. 19 Oct, 2014 1 commit
  12. 18 Oct, 2014 7 commits
  13. 14 Oct, 2014 4 commits
  14. 28 Jul, 2014 3 commits
  15. 03 Jun, 2014 3 commits