On 06/21/2012 03:00 PM, Ian Goldberg wrote:
> Thanks for all of your feedback on 4.0.0-beta1! We've built a beta2
> in the usual place:
>
> http://otr.cypherpunks.ca/libotr-4.0.0-beta2.tar.gz
> http://otr.cypherpunks.ca/libotr-4.0.0-beta2.tar.gz.asc
>
> http://otr.cypherpunks.ca/pidgin-otr-4.0.0-beta2.tar.gz
> http://otr.cypherpunks.ca/pidgin-otr-4.0.0-beta2.tar.gz.asc
>
> http://otr.cypherpunks.ca/binaries/windows/pidgin-otr-4.0.0-0-beta2.exe
> http://otr.cypherpunks.ca/binaries/windows/pidgin-otr-4.0.0-0-beta2.exe.asc
>
> http://otr.cypherpunks.ca/binaries/windows/pidgin-otr-4.0.0-beta2.zip
> http://otr.cypherpunks.ca/binaries/windows/pidgin-otr-4.0.0-beta2.zip.asc
>
> This is still not for production use, but we'd love more feedback,
> notices of weird behaviours, or crash reports.

I'd like to suggest that you take the gcc/compiler hardening code from
Tor's autoconf - I think you need it on by default and it's rather well
tested now for all of the major platforms:

https://gitweb.torproject.org/tor.git/blob/f96f319b9e9fba5ff52eba2daec2247080f268ee:/configure.in#l557

> As before:
>
> Translators: We would appreciate your help with updating the pidgin-otr
> translations. There are a few new strings, mostly regarding the support for
> multiple OTR sessions with the same buddy. Please send us your updated
> .po files as soon as possible, so we can include them in the 4.0.0
> release.

As a minor note of caution, I've noticed that this version of OTR uses GNU
gettext's _() function with a lot of format strings. I'm sure this is old
news, but this can be dangerous. If your translators are hostile and do not
correctly include format strings, you'll have some security issues. If
possible, I'd suggest a unit test or two to ensure that all .po files have
matching format strings for every translation. msgfmt can do a check of the
type and number of arguments passed around.

A few years ago, I found a strcpy that had a static string being copied
into a static buffer. In theory it's fine, and in practice the static
string was inside of _(), so a hostile translator could smash the stack.
Obviously this is a wacky corner case, but it's something to consider.
It's not totally unlike this code:

gtk-dialog.c:
    strcpy(our_hash, _("[none]"));

I think that a 46 byte translation for "[none]" would cause you some
issues. I have some private code that I wrote to demonstrate how one could
exploit/mess around with this stuff; if it's of interest, I'll share it
with you guys.

Additionally, I have some audit notes from the last stable release of
libotr/pidgin-otr on an old disk; I'll try to dig it up and send it over.
Nothing major, obviously.

All the best,
Jake

_______________________________________________
OTR-users mailing list
[email protected]
http://lists.cypherpunks.ca/mailman/listinfo/otr-users
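The .po unit test Jake suggests, as an added example that is not part of the original mail or of libotr/pidgin-otr: it compares the printf conversion specifiers of each msgstr with those of its msgid (the same check msgfmt --check-format performs) and optionally flags translations that would not fit a fixed-size buffer. The 45-byte limit, the sample entries and the German "[none]" translation are constructed placeholders, not values from libotr or any real translation.

```python
import re
# printf conversion: %[argpos$][flags][width][.precision][length]conv, or a literal %%
SPEC_RE = re.compile(r'%(?:\d+\$)?[-+ #0]*(?:\*|\d+)?(?:\.(?:\*|\d+))?'
                     r'(?:hh|h|ll|l|L|q|j|z|t)?[diouxXeEfFgGaAcspn%]')

def format_specs(s):
    """Conversion specifiers of s, in order, with literal %% dropped."""
    return [m for m in SPEC_RE.findall(s) if m != '%%']

def _unquote(s):
    """Strip the quotes of one .po string segment and undo the common C escapes."""
    return s.strip()[1:-1].replace('\\n', '\n').replace('\\"', '"').replace('\\\\', '\\')

def parse_po(text):
    """Minimal .po reader: (msgid, msgstr) pairs with continuation lines joined."""
    entries, idx = [], 0
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('msgid '):           # a new entry begins
            entries.append([_unquote(line[6:]), ''])
            idx = 0
        elif line.startswith('msgstr ') and entries:
            entries[-1][1], idx = _unquote(line[7:]), 1
        elif line.startswith('"') and entries:  # continuation of the last field
            entries[-1][idx] += _unquote(line)
    return [tuple(e) for e in entries]

def check_po(text, max_bytes=None):
    """(msgid, reason) for every entry a build should reject."""
    problems = []
    for msgid, msgstr in parse_po(text):
        if not msgid or not msgstr:             # header entry or untranslated string
            continue
        want, got = format_specs(msgid), format_specs(msgstr)
        if want != got:
            problems.append((msgid, 'specifiers %r became %r' % (want, got)))
        if max_bytes and len(msgstr.encode('utf-8')) + 1 > max_bytes:  # +1 for the NUL
            problems.append((msgid, 'does not fit a %d-byte buffer' % max_bytes))
    return problems

# Constructed sample translation file (not a real pidgin-otr .po); max_bytes=45 is an assumed buffer size.
SAMPLE_PO = '''msgid ""
msgstr "Content-Type: text/plain; charset=UTF-8\\n"
msgid "Hello %s"
msgstr "Bonjour %s"
msgid "%d messages from %s"
msgstr "%s envoie %d messages"
msgid "100%% secure"
msgstr "100%% sicher"
msgid "[none]"
msgstr "kein Fingerabdruck fuer diesen Kontakt gespeichert"
'''
```

Running check_po(SAMPLE_PO, max_bytes=45) reports the swapped %d/%s entry (the argument types no longer match the call site) and the over-long "[none]" translation, while the literal %% entry passes.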
