On Fri, Apr 03, 2015 at 11:56:52AM +0100, Stefan Sperling wrote:
> On Fri, Apr 03, 2015 at 11:30:26AM +0100, Stefan Sperling wrote:
> > Update pidgin-otr to 4.0.1.
> > 
> > ok?
> 
> Mikolaj Kucharski pointed out that I accidentally removed EPOCH.
And another fix.

The OTR->Authenticate buddy option does not open the socialist millionaires
dialog for me (this problem has existed for quite a while).

The code for this dialog relies on use-after-free. In create_smp_dialog(), we have:

    SMPData *smp_data = purple_conversation_get_data(conv, "otr-smpdata");
    [...]
    /* If you start SMP authentication on a different context, it
     * will kill any existing SMP */
    if (smp_data->their_instance != context->their_instance) {
        otrg_gtk_dialog_free_smp_data(conv);
        otrg_gtk_dialog_add_smp_data(conv);
    }

At this point, smp_data points to memory freed in otrg_gtk_dialog_free_smp_data().

    (gdb) p *smp_data
    $13 = {smp_secret_dialog = 0xdfdfdfdfdfdfdfdf, smp_secret_smppair = 0xdfdfdfdfdfdfdfdf,
      smp_progress_dialog = 0xdfdfdfdfdfdfdfdf, smp_progress_bar = 0xdfdfdfdfdfdfdfdf,
      smp_progress_label = 0xdfdfdfdfdfdfdfdf, their_instance = 3755991007}

But pidgin-otr just keeps using it:

    if (!(smp_data->smp_secret_dialog)) {
    [...]

I'll submit my patch upstream.

ok?

Index: Makefile =================================================================== RCS file: /cvs/ports/security/pidgin-otr/Makefile,v retrieving revision 1.20 diff -u -p -r1.20 Makefile --- Makefile 15 Aug 2013 16:33:31 -0000 1.20 +++ Makefile 3 Apr 2015 10:54:27 -0000 @@ -2,11 +2,11 @@ COMMENT = allows deniable private conversations using Pidgin -DISTNAME = pidgin-otr-4.0.0 +DISTNAME = pidgin-otr-4.0.1 CATEGORIES = security net EPOCH = 0 -HOMEPAGE = http://www.cypherpunks.ca/otr/ +HOMEPAGE = http://otr.cypherpunks.ca/ MASTER_SITES = ${HOMEPAGE} Index: distinfo =================================================================== RCS file: /cvs/ports/security/pidgin-otr/distinfo,v retrieving revision 1.5 diff -u -p -r1.5 distinfo --- distinfo 15 Aug 2013 16:33:31 -0000 1.5 +++ distinfo 3 Apr 2015 09:47:57 -0000 
@@ -1,2 +1,2 @@ -SHA256 (pidgin-otr-4.0.0.tar.gz) = 1Ws/CS2+nuZZdkHH0t0pSITcBLpHqvTsVxzVSXffRpE= -SIZE (pidgin-otr-4.0.0.tar.gz) = 459591 +SHA256 (pidgin-otr-4.0.1.tar.gz) = G3gfSMJ7zJ3jE2wGdIEN8j99a0THJ9v037JAZ5Cb8wo= +SIZE (pidgin-otr-4.0.1.tar.gz) = 496879 Index: patches/patch-gtk-dialog_c =================================================================== RCS file: patches/patch-gtk-dialog_c diff -N patches/patch-gtk-dialog_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-gtk-dialog_c 3 Apr 2015 11:29:37 -0000 @@ -0,0 +1,12 @@ +$OpenBSD$ +Don't use smp_data after free. +--- gtk-dialog.c.orig Fri Apr 3 12:29:01 2015 ++++ gtk-dialog.c Fri Apr 3 12:28:13 2015 +@@ -778,6 +778,7 @@ static GtkWidget *create_smp_dialog(const char *title, + if (smp_data->their_instance != context->their_instance) { + otrg_gtk_dialog_free_smp_data(conv); + otrg_gtk_dialog_add_smp_data(conv); ++ smp_data = purple_conversation_get_data(conv, "otr-smpdata"); + } + + if (!(smp_data->smp_secret_dialog)) {
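Review bot: the HOMEPAGE change in the Makefile hunk also moves the download location, since MASTER_SITES = ${HOMEPAGE}; worth confirming that a fetch of pidgin-otr-4.0.1.tar.gz actually succeeds from http://otr.cypherpunks.ca/ (and is not just a redirect back to the old host) before this goes in. EPOCH = 0 is kept in this revision, which covers the point raised about the earlier diff.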
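Review bot: the new SHA256 and SIZE lines in the distinfo hunk are the only integrity anchor the port keeps for the 4.0.1 distfile, and a checksum regenerated from a tampered download would pass just as well as one from a clean download; the commit message should say how the values were obtained (checked against the checksum or signature upstream publishes, rather than a lone fetch from the new MASTER_SITES).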
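Review bot: the re-fetch line added in the patch-gtk-dialog_c hunk removes the stale pointer, but the statement right after it still dereferences smp_data unconditionally, so the fix depends on otrg_gtk_dialog_add_smp_data() always storing a non-NULL block under "otr-smpdata"; if that function can fail, a NULL check after the re-fetch is the safer shape. A one-line comment above the added call saying why the pointer must be re-read would also stop a future cleanup from "simplifying" it away, and the patch description "Don't use smp_data after free." could name create_smp_dialog() since that is where the hunk lands.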
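The bug pattern in the report, as an added example that is not pidgin-otr, libpurple or OpenBSD ports code: a pointer is fetched from a per-conversation data store, the stored block is freed and replaced, and the original pointer is used afterwards. The Conv type, conv_get_data/conv_set_data, last_freed and the scenario helpers are invented stand-ins. Because reading memory that has really been free()d is undefined behaviour, the simulated free poisons the block with 0xdf (what OpenBSD's malloc junking does to freed chunks, which is why the gdb dump shows 0xdfdf... pointers and their_instance = 3755991007, i.e. 0xdfdfdfdf) and parks it in last_freed instead of releasing it, so the stale read is deterministic and checkable.

```c
/*
 * Added example, not pidgin-otr code. Models the fetch / free / add / reuse
 * sequence from create_smp_dialog() against a one-slot stand-in for Purple's
 * per-conversation data store. All names below are invented for the demo.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    void *smp_secret_dialog;     /* GtkWidget* in the real code */
    void *smp_progress_dialog;
    uint32_t their_instance;     /* otrl_instag_t is an unsigned int */
} SMPData;

/* Stand-in for purple_conversation_get_data(conv, "otr-smpdata"). */
typedef struct {
    SMPData *smpdata;
} Conv;

/* Simulation only: the most recently "freed" block, poisoned but not released. */
static SMPData *last_freed;

static SMPData *conv_get_data(Conv *c) { return c->smpdata; }
static void conv_set_data(Conv *c, SMPData *d) { c->smpdata = d; }

/* Models otrg_gtk_dialog_free_smp_data(): drop the store's block. */
static void free_smp_data(Conv *c)
{
    SMPData *d = conv_get_data(c);
    if (d == NULL)
        return;
    memset(d, 0xdf, sizeof *d);  /* what OpenBSD malloc does on free (junking) */
    last_freed = d;              /* real code: free(d) */
    conv_set_data(c, NULL);
}

/* Models otrg_gtk_dialog_add_smp_data(): install a fresh block. */
static void add_smp_data(Conv *c, uint32_t their_instance)
{
    SMPData *d = calloc(1, sizeof *d);
    if (d == NULL)
        abort();
    d->their_instance = their_instance;
    conv_set_data(c, d);
}

/* 4.0.1 control flow: the pointer fetched before free/add is kept and used. */
static SMPData *smp_dialog_data_buggy(Conv *c, uint32_t context_instance)
{
    SMPData *smp_data = conv_get_data(c);
    if (smp_data->their_instance != context_instance) {
        free_smp_data(c);
        add_smp_data(c, context_instance);
    }
    return smp_data;             /* stale whenever the branch was taken */
}

/* The port's fix: re-read the store once it may have been replaced. */
static SMPData *smp_dialog_data_fixed(Conv *c, uint32_t context_instance)
{
    SMPData *smp_data = conv_get_data(c);
    if (smp_data->their_instance != context_instance) {
        free_smp_data(c);
        add_smp_data(c, context_instance);
        smp_data = conv_get_data(c);
    }
    return smp_data;
}

/* True when d is the poisoned block: 0xdfdfdfdf is the 3755991007 from gdb. */
static int is_poisoned(const SMPData *d)
{
    return d != NULL && d == last_freed && d->their_instance == 0xdfdfdfdfu;
}

static void release_all(Conv *c)
{
    free(conv_get_data(c));
    conv_set_data(c, NULL);
    free(last_freed);
    last_freed = NULL;
}

/* Scenario helpers so each outcome is a return value, not only printed output. */
static int buggy_returns_stale(void)
{
    Conv conv = { NULL };
    add_smp_data(&conv, 1);
    SMPData *p = smp_dialog_data_buggy(&conv, 2);   /* instance changed: free+add */
    int stale = is_poisoned(p) && p != conv_get_data(&conv);
    release_all(&conv);
    return stale;
}

static int fixed_returns_live(void)
{
    Conv conv = { NULL };
    add_smp_data(&conv, 1);
    SMPData *p = smp_dialog_data_fixed(&conv, 2);
    int live = !is_poisoned(p) && p == conv_get_data(&conv) && p->their_instance == 2;
    release_all(&conv);
    return live;
}

int main(void)
{
    printf("buggy path hands back the poisoned block: %s\n", buggy_returns_stale() ? "yes" : "no");
    printf("fixed path hands back the live block:     %s\n", fixed_returns_live() ? "yes" : "no");
    return 0;
}
```

The point worth taking from the model is why the bug was only visible as a wrong dialog rather than a crash: the junk fill turns every pointer in the stale block into 0xdfdf..., so `if (!(smp_data->smp_secret_dialog))` sees a non-NULL value and the code path that would have built the dialog is skipped. Running the real program under a junking allocator, or with a sanitizer, is what surfaces this class of bug early.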