Changeset 86fd261

Timestamp:

2015-08-11T06:48:25Z (9 years ago)

Author:

dequis <dx@…>

Branches:

master

Children:

b39859e

Parents:

654112d4

git-author:

dequis <dx@…> (11-08-15 06:40:11)

git-committer:

dequis <dx@…> (11-08-15 06:48:25)

Message:

otr: add otr_filter_colors, replaces '\x03' with '?' for "security"

Fixes trac ticket 835, "an attacker can spoof color codes"

Which had "major" priority, and was open for a few years.

Yeah.

Every time I looked at that ticket I thought about lowering the
priority, but then saw that pesco opened the bug. Welp.

Anyway, it's gone now. Yay.

File:

• otr.c (modified) (4 diffs)

otr.c

@@ -215 +215 @@
 /* close all active OTR connections */
 void otr_disconnect_all(irc_t *irc);
+
+/* modifies string in-place, replacing \x03 with '?',
+   as a quick way to prevent remote users from messing with irc colors */
+static char *otr_filter_colors(char *msg);
 
 /* functions to be called for certain events */
@@ -454 +458 @@
         } else if (!newmsg) {
                 /* this was a non-OTR message */
-                return msg;
+                return otr_filter_colors(msg);
         } else {
                 /* we're done with the original msg, which will be caller-freed. */
@@ -745 +749 @@
 }
 
+static char *otr_filter_colors(char *msg) {
+        int i;
+        for (i = 0; msg[i]; i++) {
+                if (msg[i] == '\x03') {
+                        msg[i] = '?';
+                }
+        }
+        return msg;
+}
+
 /* returns newly allocated string */
 static char *otr_color_encrypted(char *msg, char *color, gboolean is_query) {
@@ -777 +791 @@
                 }
 
-                g_string_append(out, line);
+                g_string_append(out, otr_filter_colors(line));
         }