mirror of
https://git.jabber.space/devs/cproof.git
synced 2026-07-17 23:26:20 +00:00
fix(omemo): guard NULL fingerprint decode and log failures (CWE-476/457)
Absorbs the still-relevant null-pointer guards from #107 and extends them for consistency across all _omemo_fingerprint_decode() callers: - _omemo_fingerprint_decode(): return NULL on NULL input instead of dereferencing it via strlen(). - omemo_is_trusted_identity(): bail out (FALSE) when decode fails and zero-init fingerprint_len, instead of passing a NULL buffer / reading an uninitialized length into signal_buffer_append(). - omemo_trust(): bail out when decode fails (previously unchecked; under OOM it would save a bogus 1-byte identity). Every decode failure is now logged (omemo_is_trusted_identity / omemo_trust / omemo_untrust) instead of failing silently; omemo_trust also surfaces a user-facing error. The cmd_funcs.c hunks from #107 are dropped: master already has the strtok guard, and its fdopen guard is more complete (it closes the fd).
This commit is contained in:
@@ -1283,8 +1283,12 @@ omemo_is_trusted_identity(const char* const jid, const char* const fingerprint)
|
||||
.device_id = GPOINTER_TO_UINT(device_id),
|
||||
};
|
||||
|
||||
size_t fingerprint_len;
|
||||
size_t fingerprint_len = 0;
|
||||
unsigned char* fingerprint_raw = _omemo_fingerprint_decode(fingerprint, &fingerprint_len);
|
||||
if (!fingerprint_raw) {
|
||||
log_error("[OMEMO] omemo_is_trusted_identity: failed to decode fingerprint for %s", jid);
|
||||
return FALSE;
|
||||
}
|
||||
unsigned char djb_type[] = { '\x05' };
|
||||
signal_buffer* buffer = signal_buffer_create(djb_type, 1);
|
||||
buffer = signal_buffer_append(buffer, fingerprint_raw, fingerprint_len);
|
||||
@@ -1468,6 +1472,10 @@ _omemo_fingerprint(ec_public_key* identity, gboolean formatted)
|
||||
static unsigned char*
|
||||
_omemo_fingerprint_decode(const char* const fingerprint, size_t* len)
|
||||
{
|
||||
if (!fingerprint) {
|
||||
*len = 0;
|
||||
return NULL;
|
||||
}
|
||||
unsigned char* output = malloc(strlen(fingerprint) / 2 + 1);
|
||||
if (!output) {
|
||||
*len = 0;
|
||||
@@ -1534,6 +1542,11 @@ omemo_trust(const char* const jid, const char* const fingerprint_formatted)
|
||||
};
|
||||
|
||||
unsigned char* fingerprint_raw = _omemo_fingerprint_decode(fingerprint_formatted, &len);
|
||||
if (!fingerprint_raw) {
|
||||
log_error("[OMEMO] omemo_trust: failed to decode fingerprint for %s", jid);
|
||||
cons_show_error("Failed to trust device: could not decode fingerprint.");
|
||||
return;
|
||||
}
|
||||
unsigned char djb_type[] = { '\x05' };
|
||||
signal_buffer* buffer = signal_buffer_create(djb_type, 1);
|
||||
buffer = signal_buffer_append(buffer, fingerprint_raw, len);
|
||||
@@ -1551,8 +1564,10 @@ omemo_untrust(const char* const jid, const char* const fingerprint_formatted)
|
||||
{
|
||||
size_t len;
|
||||
unsigned char* identity = _omemo_fingerprint_decode(fingerprint_formatted, &len);
|
||||
if (!identity)
|
||||
if (!identity) {
|
||||
log_error("[OMEMO] omemo_untrust: failed to decode fingerprint for %s", jid);
|
||||
return;
|
||||
}
|
||||
|
||||
GHashTableIter iter;
|
||||
gpointer key, value;
|
||||
|
||||
Reference in New Issue
Block a user