Bug 1536108 - Avoid sending secondary numbers in OTR query message. r=mkmelin
authorKai Engert <kaie@kuix.de>
Tue, 04 Jun 2019 11:52:57 +0200
changeset 35771 b12420c26104dd203307856e5086cb3139493c89
parent 35770 0cddb77c70798d62b4d355c31e073fdb302a293f
child 35772 cc7e364a250430cfb4ceddf7bbc0d240c7f3f136
push id392
push userclokep@gmail.com
push dateMon, 02 Sep 2019 20:17:19 +0000
reviewersmkmelin
bugs1536108
Bug 1536108 - Avoid sending secondary numbers in OTR query message. r=mkmelin
chat/content/otr/otr.ftl
chat/modules/OTR.jsm
--- a/chat/content/otr/otr.ftl
+++ b/chat/content/otr/otr.ftl
@@ -86,11 +86,12 @@ error-malformed = You transmitted a malf
 
 resent = [resent]
 
 # Variables:
 #   $name (String) - the screen name of a chat contact person
 tlv-disconnected = { $name } has ended their encrypted conversation with you; you should do the same.
 
 # Do not translate "Off-the-Record" and "OTR" which is the name of an encryption protocol
+# Make sure that this string does NOT contain any numbers, e.g. like "3".
 # Variables:
 #   $name (String) - the screen name of a chat contact person
 query-msg = { $name } has requested an Off-the-Record (OTR) encrypted conversation. However, you do not have a plugin to support that. See https://en.wikipedia.org/wiki/Off-the-Record_Messaging for more information.
--- a/chat/modules/OTR.jsm
+++ b/chat/modules/OTR.jsm
@@ -517,17 +517,21 @@ var OTR = {
     );
     if (query.isNull()) {
       Cu.reportError(new Error("Sending query message failed."));
       return;
     }
     // Use the default msg to format the version.
     // We don't supprt v1 of the protocol so this should be fine.
     let queryMsg = /^\?OTR.*?\?/.exec(query.readString())[0] + "\n";
-    queryMsg += _strArgs("query-msg", {name: conv.account.normalizedName});
+    // Avoid sending any numbers in the query message, because receiving
+    // software could misinterpret it as a protocol version.
+    // See https://bugzilla.mozilla.org/show_bug.cgi?id=1536108
+    let noNumbersName = conv.account.normalizedName.replace(/[0-9]/g, "#");
+    queryMsg += _strArgs("query-msg", {name: noNumbersName});
     conv.sendMsg(queryMsg);
     OTRLib.otrl_message_free(query);
   },
 
   trustState: {
     TRUST_NOT_PRIVATE: 0,
     TRUST_UNVERIFIED: 1,
     TRUST_PRIVATE: 2,
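Review bot: The digit masking on the `noNumbersName` line covers only the account name, so the rest of the query message stays digit-free only if every localization of `query-msg` follows the translator comment added in otr.ftl. A translated string that contains a digit (a localized URL, for example) would presumably bring back the version misinterpretation this bug describes, and nothing at runtime would notice. Consider formatting into a local first, `let body = _strArgs("query-msg", {name: noNumbersName});`, and checking it before it is appended, e.g. `if (/[0-9]/.test(body)) { Cu.reportError(new Error("query-msg must not contain digits")); }`. The enclosing method starts before this hunk, so how `query` is built is not visible here.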