[OTR-dev] otrl_base64_otr_decode() function...

Justin Ferguson jnferguson at gmail.com
Tue Jul 17 10:15:51 EDT 2012


Surely you guys meant to check that msglen-5 is greater than or equal
to four lest you receive a msg akin to "?OTR:===." ?

This is a pretty highly utilized code-path with direct hits from
pidgin's receive im signal. Cheers.


int otrl_base64_otr_decode(const char *msg, unsigned char **bufp,
	size_t *lenp)
{
    char *otrtag, *endtag;
    size_t msglen, rawlen;
    unsigned char *rawmsg;

    otrtag = strstr(msg, "?OTR:");
    if (!otrtag) {
	return -2;
    }
    endtag = strchr(otrtag, '.');
    if (endtag) {
        msglen = endtag-otrtag;
    } else {
	return -2;
    }

    /* Base64-decode the message */
    rawlen = ((msglen-5) / 4) * 3;   /* maximum possible */
    rawmsg = malloc(rawlen);
    if (!rawmsg && rawlen > 0) {
	return -1;
    }
    rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5);  /* actual size */

    *bufp = rawmsg;
    *lenp = rawlen;

    return 0;
}
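
An added example, not part of the original post and not libotr code: it repeats the framing and size arithmetic of the function above for a given message, then applies the minimum-length check the post asks for. The names otr_span, otr_find_span and otr_checked_alloc_len are hypothetical, and the round-up sizing in the checked version is an assumption chosen as a conservative bound, not the project's fix.

```c
#include <stddef.h>
#include <string.h>

/* Where the base64 payload sits between "?OTR:" and the first '.'. */
struct otr_span {
    const char *payload;   /* first character after "?OTR:" */
    size_t payload_len;    /* msglen-5 in the posted function */
    size_t posted_alloc;   /* buffer size the posted arithmetic yields */
};

/* Same framing logic as the posted function; -2 on bad framing. */
int otr_find_span(const char *msg, struct otr_span *out)
{
    const char *otrtag = strstr(msg, "?OTR:");
    const char *endtag;

    if (!otrtag) return -2;
    endtag = strchr(otrtag, '.');
    if (!endtag) return -2;

    /* "?OTR:" holds no '.', so endtag >= otrtag+5 and this cannot wrap. */
    out->payload = otrtag + 5;
    out->payload_len = (size_t)(endtag - otrtag) - 5;
    /* Floor division: a payload of 0..3 characters yields a 0-byte buffer,
       while the decoder is still handed payload_len characters of input. */
    out->posted_alloc = (out->payload_len / 4) * 3;
    return 0;
}

/* Hypothetical checked sizing: reject payloads shorter than one base64
   quantum (the check suggested in the post) and round up instead of
   down (assumption) so a trailing partial quantum is also covered. */
int otr_checked_alloc_len(const char *msg, size_t *alloc_len)
{
    struct otr_span s;
    int rc = otr_find_span(msg, &s);

    if (rc != 0) return rc;
    if (s.payload_len < 4) return -2;
    *alloc_len = ((s.payload_len + 3) / 4) * 3;
    return 0;
}
```

For the message quoted in the post, otr_find_span reports a 3-character payload and a 0-byte allocation, and otr_checked_alloc_len rejects it with -2 before any buffer is sized.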


