[OTR-dev] Crash when receiving message after canceling encrypted chat (with gdb backtrace)
Evan Schoenberg
evan.s at dreskin.net
Wed Feb 9 18:38:09 EST 2005
On Feb 9, 2005, at 4:53 PM, Ian Goldberg wrote:
> I was writing to say how impossible this trace is, when this old
> aphorism came to mind: "Those saying something is impossible
> should never interrupt those who are doing it."
>
:D
> Please apply this patch and tell me if the problem goes away.
>
Doesn't apply for me against 2.0.0 - 3 of 4 hunks are rejected. Could
you also post the snapshot which it is against?
Thanks,
Evan
>
> diff -u -r1.10 proto.c
> --- proto.c 7 Feb 2005 20:34:50 -0000 1.10
> +++ proto.c 9 Feb 2005 22:46:31 -0000
> @@ -735,6 +735,14 @@
> char *msgbuf = NULL;
> enum gcry_mpi_format format = GCRYMPI_FMT_USG;
>
> + /* We need to copy the incoming msg, since it might be an alias
> for
> + * context->lastmessage, which we'll be freeing soon. */
> + char *msgdup = gcry_malloc_secure(justmsglen + 1);
> + if (msgdup == NULL) {
> + return gcry_error(GPG_ERR_ENOMEM);
> + }
> + strcpy(msgdup, msg);
> +
> *encmessagep = NULL;
>
> /* Header, send keyid, recv keyid, counter, msg len, msg
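Review bot: `strcpy(msgdup, msg)` copies up to the first NUL while the buffer is sized from justmsglen; if justmsglen is ever not exactly strlen(msg) this writes past the allocation, so prefer `memcpy(msgdup, msg, justmsglen); msgdup[justmsglen] = '\0';`, which makes the size relationship explicit and matches how msgbuf is filled in the next hunk. The rationale comment is the important part of this change: msg may alias context->lastmessage, which is released later in the function, so every later read of msg is a read of freed memory; keep that comment in the code.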
> @@ -746,10 +754,11 @@
> msgbuf = gcry_malloc_secure(msglen);
> if (buf == NULL || msgbuf == NULL) {
> free(buf);
> - free(msgbuf);
> + gcry_free(msgbuf);
> + gcry_free(msgdup);
> return gcry_error(GPG_ERR_ENOMEM);
> }
> - memmove(msgbuf, msg, justmsglen);
> + memmove(msgbuf, msgdup, justmsglen);
> msgbuf[justmsglen] = '\0';
> otrl_tlv_serialize(msgbuf + justmsglen + 1, tlvs);
> bufp = buf;
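Review bot: the allocation-failure path here now releases msgdup, but any other early return or goto err between the top-of-function allocation and this check that is not shown in the diff must also free it, so the lines between the two hunks deserve a look. Changing `free(msgbuf)` to `gcry_free(msgbuf)` is a separate, correct fix, since msgbuf comes from gcry_malloc_secure and releasing secure memory with plain free() mismatches allocators; it would be clearer called out on its own rather than folded into the aliasing fix.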
> @@ -824,7 +833,7 @@
> if (msglen > 0) {
> const char *prefix = "[resent] ";
> size_t prefixlen = strlen(prefix);
> - if (!strncmp(prefix, msg, prefixlen)) {
> + if (!strncmp(prefix, msgdup, prefixlen)) {
> /* The prefix is already there. Don't add it again. */
> prefix = "";
> prefixlen = 0;
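Review bot: switching the strncmp to msgdup is consistent with the rest of the patch, but any other read of `msg` remaining after context->lastmessage is released gets the same use-after-free when the two alias, which is exactly the crash being chased; a pass over the rest of the function to confirm no `msg` use survives past that point would close this off.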
> @@ -832,13 +841,15 @@
> context->lastmessage = gcry_malloc_secure(prefixlen +
> justmsglen + 1);
> if (context->lastmessage) {
> strcpy(context->lastmessage, prefix);
> - strcat(context->lastmessage, msg);
> + strcat(context->lastmessage, msgdup);
> }
> }
> + gcry_free(msgdup);
> return gcry_error(GPG_ERR_NO_ERROR);
> err:
> free(buf);
> gcry_free(msgbuf);
> + gcry_free(msgdup);
> *encmessagep = NULL;
> return err;
> }
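Review bot: `strcat(context->lastmessage, msgdup)` into a buffer of prefixlen + justmsglen + 1 bytes is only safe when strlen(msgdup) == justmsglen, the same assumption the strcpy in the first hunk relies on, so the two sites should be kept in step if the copy there is changed to a length-bounded one. Releasing msgdup on both the success return and at err: is right; because msgdup is allocated before any other early exit in the function, it is never NULL at err:, so the unconditional gcry_free there is correct.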
>
> _______________________________________________
> OTR-dev mailing list
> OTR-dev at lists.cypherpunks.ca
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>