From f63bf578723919d04ed050290c9030c967aa08d4 Mon Sep 17 00:00:00 2001 From: "jabber.developer2" Date: Fri, 19 Jun 2026 11:29:58 +0300 Subject: [PATCH] fix(omemo): guard NULL fingerprint decode and log failures (CWE-476/457) Absorbs the still-relevant null-pointer guards from #107 and extends them for consistency across all _omemo_fingerprint_decode() callers: - _omemo_fingerprint_decode(): return NULL on NULL input instead of dereferencing it via strlen(). - omemo_is_trusted_identity(): bail out (FALSE) when decode fails and zero-init fingerprint_len, instead of passing a NULL buffer / reading an uninitialized length into signal_buffer_append(). - omemo_trust(): bail out when decode fails (previously unchecked; under OOM it would save a bogus 1-byte identity). Every decode failure is now logged (omemo_is_trusted_identity / omemo_trust / omemo_untrust) instead of failing silently; omemo_trust also surfaces a user-facing error. The cmd_funcs.c hunks from #107 are dropped: master already has the strtok guard, and its fdopen guard is more complete (it closes the fd). --- src/omemo/omemo.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/src/omemo/omemo.c b/src/omemo/omemo.c index f31acb1d..38157336 100644 --- a/src/omemo/omemo.c +++ b/src/omemo/omemo.c @@ -1283,8 +1283,12 @@ omemo_is_trusted_identity(const char* const jid, const char* const fingerprint) .device_id = GPOINTER_TO_UINT(device_id), }; - size_t fingerprint_len; + size_t fingerprint_len = 0; unsigned char* fingerprint_raw = _omemo_fingerprint_decode(fingerprint, &fingerprint_len); + if (!fingerprint_raw) { + log_error("[OMEMO] omemo_is_trusted_identity: failed to decode fingerprint for %s", jid); + return FALSE; + } unsigned char djb_type[] = { '\x05' }; signal_buffer* buffer = signal_buffer_create(djb_type, 1); buffer = signal_buffer_append(buffer, fingerprint_raw, fingerprint_len); @@ -1468,6 +1472,10 @@ _omemo_fingerprint(ec_public_key* identity, gboolean formatted) static unsigned char* _omemo_fingerprint_decode(const char* const fingerprint, size_t* len) { + if (!fingerprint) { + *len = 0; + return NULL; + } unsigned char* output = malloc(strlen(fingerprint) / 2 + 1); if (!output) { *len = 0; @@ -1534,6 +1542,11 @@ omemo_trust(const char* const jid, const char* const fingerprint_formatted) }; unsigned char* fingerprint_raw = _omemo_fingerprint_decode(fingerprint_formatted, &len); + if (!fingerprint_raw) { + log_error("[OMEMO] omemo_trust: failed to decode fingerprint for %s", jid); + cons_show_error("Failed to trust device: could not decode fingerprint."); + return; + } unsigned char djb_type[] = { '\x05' }; signal_buffer* buffer = signal_buffer_create(djb_type, 1); buffer = signal_buffer_append(buffer, fingerprint_raw, len); @@ -1551,8 +1564,10 @@ omemo_untrust(const char* const jid, const char* const fingerprint_formatted) { size_t len; unsigned char* identity = _omemo_fingerprint_decode(fingerprint_formatted, &len); - if (!identity) + if (!identity) { + log_error("[OMEMO] omemo_untrust: failed to decode fingerprint for %s", jid); return; + } GHashTableIter iter; gpointer key, value;