[OTR-dev] /me bug

Jurre van Bergen drwhax at 2600nl.net
Tue Sep 10 19:27:49 EDT 2013


On 09/10/2013 08:02 PM, Jurre van Bergen wrote:
>
> On 09/10/2013 07:46 PM, Jacob Appelbaum wrote:
> > Heya,
>
> > There exists an information leak in Pidgin/Pidgin-OTR where Pidgin
> > doesn't allow Pidgin-OTR to encrypt a specific message before it is sent
> > to the network. Specifically on IRC networks, users who emote through
> > the use of a message such as `/me thinks this is a bug` - will leak the
> > full text of their /me command.
>
> > This is annoying and it would be nice if Pidgin didn't treat /me
> > messages in this way. It appears that around the same time as learning
> > about this bug, I found a bug report with a fix for Pidgin itself.
>
> > If there are any Pidgin/Pidgin-OTR users on this list who also use IRC
> > with Pidgin, it would be great to see if the following patch fixes the
> > behavior of /me on irc:
>
> >   https://developer.pidgin.im/ticket/15750
>
> > This could also be fixed inside of Pidgin-otr - though I think the right
> > place is inside of Pidgin itself. It would be useful if IRC using
> > Pidgin-OTR developers could test the patch attached to ticket 15750 on
> > the Pidgin bug tracker.
>
> > Useful questions to answer:
>
> > Does it solve the /me info leak for you? Does it cause any adverse
> > issues? Does it make sense to put this into Pidgin-OTR?
>
> > All the best,
> > Jake
>
>
> I tested this patch a few weeks ago and it doesn't fix the current issue
> in IRC while being in an OTR conversation.
>
> Jurre
>
A rectification is in place here: I reviewed a patch from Thijs back in
July; the patch has changed now, which I haven't reviewed yet.

Jurre


- -- 
Give a man a fish and you feed him for a day; teach a man to fish and
you feed him for life.

Jabber: drwhax at jabber.ccc.de
Fingerprint: 79C9BECD 4841247F 7318BD12 8CFD6413 5476FE92


I like my email encrypted, please consider using my GPG key.
http://jurrevanbergen.nl/jurre.asc
My fingerprint is: 2976 FD1A 2ABE FB14 3907 58CE B739 2967 EA80 1D02
http://jurrevanbergen.nl/
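
For anyone testing the ticket 15750 patch, the check below is an added example and is not part of the thread or of Pidgin/Pidgin-OTR. On IRC a `/me` is sent as a CTCP ACTION inside a PRIVMSG, so it scans the lines a client sent and reports any cleartext ACTION addressed to a peer that has already received OTR traffic. The function names, the one-line-per-message log format and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed log format: one raw IRC line per entry, as sent by the client,
# e.g. "PRIVMSG <target> :<text>" (an optional ":prefix " is tolerated).
PRIVMSG_RE = re.compile(r"^(?::\S+ )?PRIVMSG (\S+) :(.*)$")
CTCP = "\x01"
ACTION_PREFIX = CTCP + "ACTION "


def classify(text):
    """Return 'otr', 'action' or 'plain' for a PRIVMSG payload."""
    if text.startswith("?OTR"):        # OTR query, data, fragment or error message
        return "otr"
    if text.startswith(ACTION_PREFIX):  # what the client emits for /me
        return "action"
    return "plain"


def find_action_leaks(lines):
    """Return (line_no, target, leaked_text) for every cleartext ACTION sent
    to a target after OTR traffic to that same target was seen."""
    otr_targets = set()
    leaks = []
    for line_no, raw in enumerate(lines, 1):
        match = PRIVMSG_RE.match(raw.rstrip("\r\n"))
        if not match:
            continue
        # lower() is an approximation of IRC nick case folding
        target, text = match.group(1).lower(), match.group(2)
        kind = classify(text)
        if kind == "otr":
            otr_targets.add(target)
        elif kind == "action" and target in otr_targets:
            leaks.append((line_no, target, text[len(ACTION_PREFIX):].rstrip(CTCP)))
    return leaks


# Constructed sample, not a real capture.
SAMPLE = [
    "NICK alice",
    "PRIVMSG bob :?OTRv23?",
    "PRIVMSG bob :?OTR:AAMDconstructed-ciphertext.",
    "PRIVMSG bob :\x01ACTION thinks this is a bug\x01",  # leaked /me
    "PRIVMSG #chan :\x01ACTION waves\x01",               # no OTR session, not flagged
    "PRIVMSG Bob :?OTR:AAMDmore-constructed-ciphertext.",
]

if __name__ == "__main__":
    for line_no, target, text in find_action_leaks(SAMPLE):
        print(f"line {line_no}: cleartext /me to {target}: {text!r}")
```

An empty result on a capture taken with the patched build, after sending `/me` inside an OTR conversation, is the outcome the patch is meant to produce.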
