From 86fd261eb78c78dc6f2deba206f70471ebc07c73 Mon Sep 17 00:00:00 2001
From: dequis
Date: Tue, 11 Aug 2015 03:40:11 -0300
Subject: otr: add otr_filter_colors, replaces '\x03' with '?' for "security"
Fixes trac ticket 835, "an attacker can spoof color codes" Which had "major" priority, and was open for a few years. Yeah. Every time I looked at that ticket I thought about lowering the priority, but then saw that pesco opened the bug. Welp. Anyway, it's gone now. Yay.
---
 otr.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
(limited to 'otr.c')
diff --git a/otr.c b/otr.c
index aeaa4442..b45955d2 100644
--- a/otr.c
+++ b/otr.c
@@ -215,6 +215,10 @@ gboolean otr_disconnect_user(irc_t *irc, irc_user_t *u);
 /* close all active OTR connections */
 void otr_disconnect_all(irc_t *irc);
+/* modifies string in-place, replacing \x03 with '?',
+ as a quick way to prevent remote users from messing with irc colors */
+static char *otr_filter_colors(char *msg);
+
 /* functions to be called for certain events */
 static const struct irc_plugin otr_plugin;
@@ -453,7 +457,7 @@ char *otr_filter_msg_in(irc_user_t *iu, char *msg, int flags)
 return NULL;
 } else if (!newmsg) {
 /* this was a non-OTR message */
- return msg;
+ return otr_filter_colors(msg);
 } else {
 /* we're done with the original msg, which will be caller-freed. */
 return newmsg;
@@ -744,6 +748,16 @@ void op_create_instag(void *opdata, const char *account, const char *protocol)
 }
 }
+static char *otr_filter_colors(char *msg) {
+ int i;
+ for (i = 0; msg[i]; i++) {
+ if (msg[i] == '\x03') {
+ msg[i] = '?';
+ }
+ }
+ return msg;
+}
+
 /* returns newly allocated string */
 static char *otr_color_encrypted(char *msg, char *color, gboolean is_query) {
 char **lines;
@@ -776,7 +790,7 @@ static char *otr_color_encrypted(char *msg, char *color, gboolean is_query) {
 g_string_append_c(out, ' ');
 }
- g_string_append(out, line);
+ g_string_append(out, otr_filter_colors(line));
 }
 g_strfreev(lines);
-- 
cgit v1.2.3
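Review bot: Only the `!newmsg` branch of `otr_filter_msg_in` goes through the filter; the final `else` still returns `newmsg` untouched, so a decrypted message is covered only if it has already passed through `otr_color_encrypted`, which filters each line in the last hunk. The code that produces `newmsg` lies outside this hunk (the function body starts and ends beyond it), so confirm that no decrypted message can reach `return newmsg;` without that call, for example when colouring is switched off. If one can, change that line to `return otr_filter_colors(newmsg);`. A short comment above the new return, such as `/* strip \x03 so plaintext cannot carry the colour used for encrypted messages */`, would also record why a non-OTR message is now modified in place.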
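Review bot: `otr_filter_colors` replaces only `\x03`, so every other IRC formatting byte still reaches the client from both call sites (`otr_filter_msg_in` and `otr_color_encrypted`). Some clients also render `\x04` as a hex colour and `\x16` as reverse video, and either could change how the colouring applied to encrypted messages looks. Which of these matter depends on the clients in use, so treat this as something to confirm rather than a known gap. If they do matter, widen the test to `if (msg[i] == '\x03' || msg[i] == '\x04' || msg[i] == '\x16') {`. The function also dereferences `msg` without a NULL check, which is fine only while both callers guarantee a non-NULL string; the declaration comment in the first hunk could state that and that the argument is returned.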