Security Basics mailing list archives
Re: Looking for a "secure" alternative to MSN.
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 19 Jan 2011 03:38:05 -0500
On Tue, Jan 4, 2011 at 3:43 AM, Oscar Calvo <ocalvo () s21sec com> wrote:
> Pidgin with OTR (Off The Record) Plugin
>
> On 01/03/2011 07:43 PM, Todd Hughes wrote:
>> Client? Pidgin. http://www.pidgin.im/
I don't believe Pidgin is secure. But I suppose it's who you ask, and what their definition of 'secure' is. I generally work against Howard and LeBlanc's 'Writing Secure Code'; Apple's 'Secure Coding Guide'; and Wheeler's 'Secure Programming for Linux and Unix HOWTO'.

For example, the project chooses to ignore return values from functions such as snprintf. So there's no way to tell if the function succeeded, failed, or truncated a string. Worse, the project 'trucks on' as if everything succeeded. It's hard to feel confident about software which uses such insecure practices.

In all fairness to the project, return values from some functions, such as memcpy, are useless.

Below is a quick audit of ...\pidgin and ...\libpurple. Files and line numbers are listed. Notice that no return values are ever checked! And functions such as sprintf and strcpy are still being used in 2010 and beyond!

Jeff
> Lukas wrote:
>> So, I'm looking for an IM client with strong encryption. Ideally with audio/video support, and open source. Like Msn sort of.. Preferably not some addon to msn though. I know there is a lot of those. It's incredible I can't find this. I'd be amazed if there's no IM client that is capable of encryption.
jeffrey@studio:~/pidgin-2.7.9/pidgin$ ./audit-unsafe.sh
===== gtkaccount.c =====
856: g_snprintf(buf, sizeof(buf), "%d", int_value);
1143: g_snprintf(buf, sizeof(buf), "%d", int_val);
===== gtkblist.c =====
6504: g_snprintf(group_count, sizeof(group_count), "%d/%d",
===== gtkblist-theme.c =====
134: strncpy(copy->color, pair->color, sizeof(copy->color) - 1);
160: g_snprintf(font->color, sizeof(font->color),
===== gtkconv.c =====
6036: strcpy(with_font_tag, pre);
6038: strcpy(with_font_tag + pre_len + length, post);
5693: sprintf(pre_str, "%c%c%c",
5695: sprintf(post_str, "%c%c%c%c%c%c%c%c%c",
5702: sprintf(pre_str, "%c%c%c",
5704: sprintf(post_str, "%c%c%c%c%c%c%c%c%c",
5570: g_snprintf(colcode, sizeof(colcode), "#%02x%02x%02x",
5905: g_snprintf(buf2, sizeof(buf2),
5912: g_snprintf(buf2, sizeof(buf2),
5919: g_snprintf(buf2, BUF_LONG,
5946: g_snprintf(str, 1024, "***%s", alias_escaped);
5951: g_snprintf(str, 1024, "*%s*:", alias_escaped);
5959: g_snprintf(str, 1024, "%s ***%s", AUTO_RESPONSE, alias_escaped);
5962: g_snprintf(str, 1024, "***%s", alias_escaped);
5972: g_snprintf(str, 1024, "%s %s", alias_escaped, AUTO_RESPONSE);
5975: g_snprintf(str, 1024, "%s:", alias_escaped);
6010: g_snprintf(buf2, BUF_LONG, "<FONT %s%s%s SIZE=\"2\"><!--%s --></FONT>",
6018: g_snprintf(buf2, BUF_LONG, "<FONT %s>%s</FONT> ", sml_attrib ? sml_attrib : "", str);
6104: g_snprintf(tmp, sizeof(tmp),
6230: g_snprintf(tmp, sizeof(tmp),
===== gtkft.c =====
681: g_snprintf(buf, sizeof(buf), "<b>%s</b>",
===== gtkimhtml.c =====
5556: strcpy(color, "");
5570: strcpy(color, "");
852: strncpy(&tmp[1], color, 7);
4090: strncpy(&tmp[1], color, 7);
4114: strncpy(&tmp[1], color, 7);
3294: wpos = g_snprintf (ws, len, "%s", tag);
3298: wpos = g_snprintf (ws, len, "%s", tag);
3328: wpos = g_snprintf (ws, smilelen + 1, "%s", c);
4082: g_snprintf(str, sizeof(str), "FORECOLOR %s", color);
4106: g_snprintf(str, sizeof(str), "BACKCOLOR %s", color);
4130: g_snprintf(str, sizeof(str), "BACKGROUND %s", color);
4144: g_snprintf(str, sizeof(str), "FONT FACE %s", face);
4159: g_snprintf(str, sizeof(str), "FONT SIZE %d", size);
4814: g_snprintf(str, sizeof(str), "LINK %d", linkno++);
5090: g_snprintf(buf, sizeof(buf), "<a href=\"%s\">", tmp);
5097: g_snprintf(buf, sizeof(buf), "<font color=\"%s\">", &name[10]);
5100: g_snprintf(buf, sizeof(buf), "<font back=\"%s\">", &name[10]);
5103: g_snprintf(buf, sizeof(buf), "<body bgcolor=\"%s\">", &name[11]);
5106: g_snprintf(buf, sizeof(buf), "<font face=\"%s\">", &name[10]);
5109: g_snprintf(buf, sizeof(buf), "<font size=\"%s\">", &name[10]);
5119: str += g_snprintf(str, sizeof(buf) - (str - buf), "<span style='");
5134: str += g_snprintf(str, sizeof(buf) - (str - buf), "font-weight: %s;", weight);
5141: str += g_snprintf(str, sizeof(buf) - (str - buf),
5151: str += g_snprintf(str, sizeof(buf) - (str - buf),
5166: str += g_snprintf(str, sizeof(buf) - (str - buf), "text-decoration: underline;");
5171: g_snprintf(str, sizeof(buf) - (str - buf), "'>");
5551: g_snprintf(color, sizeof(color), "#%02x%02x%02x",
5565: g_snprintf(color, sizeof(color), "#%02x%02x%02x",
===== gtkimhtmltoolbar.c =====
237: g_snprintf(open_tag, 23, "#%02X%02X%02X",
314: g_snprintf(open_tag, 23, "#%02X%02X%02X",
672: g_snprintf(tip, sizeof(tip),
===== gtklog.c =====
513: strncpy(prev_top_month, month, sizeof(prev_top_month));
===== gtkmain.c =====
169: snprintf(errmsg, sizeof(errmsg), "Warning: waitpid() returned %d", pid);
663: snprintf(errmsg, sizeof(errmsg), "Warning: couldn't initialise empty signal set");
668: snprintf(errmsg, sizeof(errmsg), "Warning: couldn't set signal %d for catching",
673: snprintf(errmsg, sizeof(errmsg), "Warning: couldn't include signal %d for unblocking",
680: snprintf(errmsg, sizeof(errmsg), "Warning: couldn't set signal %d to ignore",
687: snprintf(errmsg, sizeof(errmsg), "Warning: couldn't unblock signals");
===== gtknotify.c =====
549: g_snprintf(label_text, sizeof(label_text),
855: g_snprintf(label_text, sizeof(label_text),
1123: snprintf(key, sizeof(key), "%s - %s", purple_account_get_username(account), purple_normalize(account, who));
===== gtkrequest.c =====
941: g_snprintf(buf, sizeof(buf), "%d", value);
===== gtkroomlist.c =====
648: g_snprintf(buf, sizeof(buf), "%d", myint);
===== gtksourceiter.c =====
490: strncpy (new_string, string, len);
===== gtkstatusbox.c =====
671: snprintf(aa_color, sizeof(aa_color), "#%02x%02x%02x",
2127: snprintf(aa_color, sizeof(aa_color), "#%02x%02x%02x",
===== gtkutils.c =====
2466: sprintf(tmp_buf, "%u", quality);
828: g_snprintf(buf, sizeof(buf), "%s (%s) (%s)",
833: g_snprintf(buf, sizeof(buf), "%s (%s)",
1671: g_snprintf(key, sizeof(key), "Name[%s]", langs[i]);
2893: snprintf(dim_grey_string, sizeof(dim_grey_string), "#%02x%02x%02x",
jeffrey@studio:~/pidgin-2.7.9/pidgin$

jeffrey@studio:~/pidgin-2.7.9/libpurple$ ./audit-unsafe.sh
===== account.c =====
113: g_snprintf(buf, sizeof(buf), "%d", setting->value.integer);
122: g_snprintf(buf, sizeof(buf), "%d", setting->value.boolean);
307: g_snprintf(buf, sizeof(buf), "%d", int_value);
345: g_snprintf(type_str, sizeof(type_str), "%u", err->type);
1549: g_snprintf(primary, sizeof(primary), _("Change password for %s"),
1587: g_snprintf(primary, sizeof(primary),
===== blist.c =====
151: g_snprintf(buf, sizeof(buf), "%d", purple_value_get_int(value));
160: g_snprintf(buf, sizeof(buf), "%d", purple_value_get_boolean(value));
316: g_snprintf(buf, sizeof(buf), "%d", account->perm_deny);
===== cipher.c =====
2911: sprintf(digest_s + (n * 2), "%02x", digest[n]);
===== conversation.c =====
1804: g_snprintf(tmp, sizeof(tmp),
1824: g_snprintf(tmp, sizeof(tmp),
===== desktopitem.c =====
507: strncpy (lang, locale, 2);
===== dnsquery.c =====
523: strncpy(dns_params.hostname, query_data->hostname, sizeof(dns_params.hostname) - 1);
311: g_snprintf(servname, sizeof(servname), "%d", dns_params.port);
397: g_snprintf(s, sizeof(s), "/proc/%d/exe", ppid);
634: g_snprintf(message, sizeof(message), _("Error resolving %s:\n%s"),
637: g_snprintf(message, sizeof(message), _("Error resolving %s: %d"),
661: g_snprintf(message, sizeof(message), _("Error reading from resolver process:\n%s"), g_strerror(errno));
665: g_snprintf(message, sizeof(message), _("Resolver process exited without answering our request"));
790: g_snprintf(servname, sizeof(servname), "%d", query_data->port);
866: g_snprintf(message, sizeof(message), _("Thread creation failure: %s"),
939: g_snprintf(message, sizeof(message), _("Error resolving %s: %d"),
950: g_snprintf(message, sizeof(message), _("Error resolving %s: %d"),
===== dnssrv.c =====
383: strcpy(srvres->hostname, name);
621: strncpy(srvres->hostname, srv_data->pNameTarget, 255);
744: strncpy(internal_query.query, query, 255);
858: strncpy(internal_query.query, query, 255);
===== internal.h =====
156: * g_strlcpy/g_strlcpy directly. */
157:#define purple_strlcpy(dest, src) g_strlcpy(dest, src, sizeof(dest))
158:#define purple_strlcat(dest, src) g_strlcat(dest, src, sizeof(dest))
===== log.c =====
1704: strcpy(pathstr + strlen(pathstr) - 3, "idx");
1838: g_snprintf(convostart, length, "%s", temp);
===== network.c =====
193: g_snprintf(ip, 16, "%lu.%lu.%lu.%lu",
412: g_snprintf(serv, sizeof(serv), "%hu", port);
===== prefs.c =====
131: g_snprintf(buf, sizeof(buf), "%d", pref->value.integer);
164: g_snprintf(buf, sizeof(buf), "%d", pref->value.boolean);
===== proxy.c =====
982: strcpy(hostname, "localhost");
1116: strcpy(hostname, "localhost");
===== savedstatuses.c =====
1027: strcpy(tmp, "...");
1021: strncpy(buf, stripped, sizeof(buf));
288: g_snprintf(buf, sizeof(buf), "%lu", status->creation_time);
291: g_snprintf(buf, sizeof(buf), "%lu", status->lastused);
294: g_snprintf(buf, sizeof(buf), "%u", status->usage_count);
===== server.c =====
112: g_snprintf(lar->name, sizeof(lar->name), "%s", name);
812: g_snprintf(buf2, sizeof(buf2),
817: g_snprintf(buf2, sizeof(buf2),
===== stringref.c =====
73: strcpy(newref->value, value);
87: strcpy(newref->value, value);
107: vsprintf(newref->value, format, ap);
107: vsprintf(newref->value, format, ap);
===== stun.c =====
229: strcpy(nattype.publicip, ip);
===== upnp.c =====
395: strncpy(control_info.service_type, dd->service_type,
587: strncpy(dd->service_type, WAN_IP_CONN_SERVICE, sizeof(dd->service_type));
589: strncpy(dd->service_type, WAN_PPP_CONN_SERVICE, sizeof(dd->service_type));
775: strncpy(control_info.publicip, temp + 1,
810: strncpy(control_info.internalip,
891: strncpy(action_name, "AddPortMapping",
898: strncpy(action_name, "DeletePortMapping", sizeof(action_name));
965: strncpy(ar->protocol, protocol, sizeof(ar->protocol));
1012: strncpy(ar->protocol, protocol, sizeof(ar->protocol));
===== util.c =====
479: strcpy(buf, "Z");
3055: strcpy(&dest[j], "<BR>");
3961: strcpy(hostname, "localhost");
3192: strncpy(&ret[j], replacement, length_rep);
3358: strncpy(proto, uri, len);
3568: strncpy(new_url, s, len);
4206: strncpy(hex, str + ++i, 2);
4420: strncpy (retval, p, q - p + 1);
615: purple_strlcpy(buf, utf8);
4251: sprintf(buf + j, "%%%02X", utf_char[i] & 0xff);
4603: sprintf(msg, "unknown error (%d)", errnum);
4894: sprintf(buf + j, "%%%02x", utf_char[i] & 0xff);
135: g_snprintf(&ascii[i * 2], 3, "%02hhx", data[i]);
203: g_snprintf(&ascii[i * 3], 4, "%02hhx:", data[i]);
483: if(g_snprintf(buf, sizeof(buf), "%+03d:%02d", hrs, ABS(min)) > 6)
487: if (g_snprintf(buf, sizeof(buf), "%+03d%02d", hrs, ABS(min)) > 5)
1793: g_snprintf(buf, sizeof(buf), "%c", *c);
3001: g_snprintf(buf, sizeof(buf), "%s", tmp);
3025: g_snprintf(buf, sizeof(buf), "%s", tmp2 ? tmp2 : "");
3492: g_snprintf(port_str, sizeof(port_str), "443");
3494: g_snprintf(port_str, sizeof(port_str), "80");
===== xmlnode.c =====
642: vsnprintf(errmsg, sizeof(errmsg), msg, args);
jeffrey@studio:~/pidgin-2.7.9/libpurple$
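The point of the audit above is that a bounded format or copy call has three outcomes (fit, truncated, failed) and dropping the return value collapses them into one. The following C program is an added example written for this archive page; it is not Pidgin code and not from anyone in the thread. It contrasts the unchecked pattern from the listing with a checked wrapper around vsnprintf (C99 return semantics, which GLib documents g_snprintf as following) and a bounded copy that reports truncation, something neither strcpy nor strncpy does. All names (format_checked, copy_checked, the demo_* helpers, HOSTNAME_MAX) and the two hostnames are constructed for the demonstration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* The three outcomes snprintf's return value distinguishes and that an
 * unchecked call silently collapses into "it worked". */
enum fmt_status { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = 2 };

/* Unchecked pattern, as in the audit listing: the return value is dropped,
 * so truncation and encoding errors look exactly like success. */
static void format_unchecked(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    (void)vsnprintf(buf, size, fmt, ap);
    va_end(ap);
}

/* Checked pattern: C99 vsnprintf (and GLib's g_snprintf, which follows the
 * same contract) returns the length the complete output would have had,
 * excluding the terminator, or a negative value on error.  A result that is
 * >= size means only a prefix landed in buf. */
static enum fmt_status format_checked(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);

    if (n < 0) {
        if (size > 0)
            buf[0] = '\0';          /* leave a defined, empty string behind */
        return FMT_ERROR;
    }
    if ((size_t)n >= size)
        return FMT_TRUNCATED;       /* buf holds a NUL-terminated prefix */
    return FMT_OK;
}

/* Bounded copy with an explicit result, standing in for the strcpy/strncpy
 * calls in the listing: strcpy has no bound at all, and strncpy neither
 * reports truncation nor guarantees a terminator.  Returns 1 if src fit,
 * 0 if it was cut; dest is NUL-terminated either way. */
static int copy_checked(char *dest, size_t size, const char *src)
{
    size_t len = strlen(src);

    if (size == 0)
        return 0;
    if (len >= size) {
        memcpy(dest, src, size - 1);
        dest[size - 1] = '\0';
        return 0;
    }
    memcpy(dest, src, len + 1);
    return 1;
}

/* Demonstration helpers on a constructed 16-byte hostname buffer; the
 * static buffer exists only so the result can be inspected afterwards. */
#define HOSTNAME_MAX 16
static char g_host[HOSTNAME_MAX];

static enum fmt_status demo_format(const char *host)
{
    return format_checked(g_host, sizeof g_host, "%s", host);
}

static int demo_copy(const char *host)
{
    return copy_checked(g_host, sizeof g_host, host);
}

/* The unchecked call leaves a caller nothing to inspect except the buffer
 * itself, whose length looks plausible whether or not input was lost. */
static size_t demo_unchecked_len(const char *host)
{
    format_unchecked(g_host, sizeof g_host, "%s", host);
    return strlen(g_host);
}

static const char *demo_buffer(void)
{
    return g_host;
}

int main(void)
{
    const char *fits = "im.example";               /* constructed, 10 chars */
    const char *too_long = "chat.example.invalid"; /* constructed, 20 chars */
    enum fmt_status st;
    int fit;

    st = demo_format(fits);
    printf("checked   %-20s -> status %d, buf \"%s\"\n", fits, (int)st, demo_buffer());
    st = demo_format(too_long);
    printf("checked   %-20s -> status %d, buf \"%s\"\n", too_long, (int)st, demo_buffer());
    printf("unchecked %-20s -> strlen %zu, nothing to inspect\n",
           too_long, demo_unchecked_len(too_long));
    fit = demo_copy(too_long);
    printf("copy      %-20s -> fit %d, buf \"%s\"\n", too_long, fit, demo_buffer());
    return 0;
}
```

With the 20-character name the checked wrapper returns FMT_TRUNCATED and the buffer holds the 15-character prefix; the unchecked call produces the very same buffer with no signal at all, which is the situation the audit's "trucks on as if everything succeeded" describes. A caller that gets FMT_TRUNCATED or 0 from copy_checked can refuse the value, grow the buffer, or log it, rather than passing a silently shortened hostname or message downstream.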