Files
profanity/src
jabber.developer2 f63bf57872 fix(omemo): guard NULL fingerprint decode and log failures (CWE-476/457)
Absorbs the still-relevant null-pointer guards from #107 and extends them for consistency across all _omemo_fingerprint_decode() callers:
- _omemo_fingerprint_decode(): return NULL on NULL input instead of dereferencing it via strlen().
- omemo_is_trusted_identity(): bail out (FALSE) when decode fails and zero-init fingerprint_len, instead of passing a NULL buffer / reading an uninitialized length into signal_buffer_append().
- omemo_trust(): bail out when decode fails (previously unchecked; under OOM it would save a bogus 1-byte identity).

Every decode failure is now logged (omemo_is_trusted_identity / omemo_trust / omemo_untrust) instead of failing silently; omemo_trust also surfaces a user-facing error.

The cmd_funcs.c hunks from #107 are dropped: master already has the strtok guard, and its fdopen guard is more complete (it closes the fd).
2026-06-19 09:46:11 +00:00
..
2026-06-19 09:46:11 +00:00
2026-06-19 09:46:11 +00:00
2026-06-19 09:46:11 +00:00
2026-06-19 09:46:11 +00:00