Support reading messages with 12-byte IVs

Bug #1866115 reported by Julian Andres Klode on 2020-03-04
This bug affects 2 people
Affects: dino-im (Ubuntu); Importance: Undecided; Assigned to: Unassigned
Affects: Bionic; Importance: Critical; Assigned to: Julian Andres Klode

Bug Description

[Impact]
Most clients switched to 12-byte IVs for OMEMO encrypted messages, but dino only accepts 16-byte IVs.

[Test case]

Send OMEMO message from client which uses 12-byte IV, make sure it can be read.

Note that other clients might still not be able to read our messages (dino should though), this requires https://github.com/dino/dino/commit/cc7b0aa7bd5b6599159f654fdd8a2fd111e16a3e and will be fixed later. This change is solely to unblock dino to switch to sending 12-byte IVs.

[Regression potential]

Meh. I'm not sure what could regress here by not rejecting 12 byte IVs any longer, it's a simple if () on the IV size that we extend from == 16 to == 16 || == 12.
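The receive-side check described in the report, sketched as an added example that is not part of the original report and not dino's code. The element names and namespace follow the legacy OMEMO wire format and are assumptions not stated on this page; the function names and the sample stanzas are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Legacy OMEMO namespace (assumption: not stated in the report).
OMEMO_NS = "eu.siacs.conversations.axolotl"

OLD_IV_SIZES = frozenset({16})      # check before the change: == 16
NEW_IV_SIZES = frozenset({12, 16})  # check after the change: == 16 || == 12


def extract_iv(stanza_xml: str) -> bytes:
    """Return the raw IV bytes of an <encrypted/> element or raise ValueError."""
    # ElementTree is used only on the constructed samples here; a real client
    # takes the element from its XMPP stream parser.
    try:
        root = ET.fromstring(stanza_xml)
    except ET.ParseError as exc:
        raise ValueError("malformed XML") from exc
    iv_el = root.find(f"{{{OMEMO_NS}}}header/{{{OMEMO_NS}}}iv")
    if iv_el is None or not (iv_el.text or "").strip():
        raise ValueError("missing or empty <iv/>")
    # validate=True rejects stray characters instead of silently skipping
    # them, so the length check runs on exactly what the sender encoded.
    # binascii.Error is a ValueError subclass, so callers see one error type.
    return base64.b64decode(iv_el.text.strip(), validate=True)


def iv_accepted(stanza_xml: str, allowed=NEW_IV_SIZES) -> bool:
    """True if the stanza carries an IV whose length is in the allowed set."""
    try:
        return len(extract_iv(stanza_xml)) in allowed
    except ValueError:
        return False


def make_stanza(iv_b64: str) -> str:
    """Build a constructed sample stanza around a base64 IV string."""
    return (f"<encrypted xmlns='{OMEMO_NS}'><header sid='1'>"
            f"<key rid='2'>AAAA</key><iv>{iv_b64}</iv></header>"
            f"<payload>AAAA</payload></encrypted>")


def b64(n: int) -> str:
    """Base64 of a constructed n-byte IV (0, 1, 2, ...), for the samples only."""
    return base64.b64encode(bytes(range(n))).decode()


if __name__ == "__main__":
    for n in (8, 12, 16):
        s = make_stanza(b64(n))
        print(n, "old:", iv_accepted(s, OLD_IV_SIZES), "new:", iv_accepted(s))
```

Every length other than 12 and 16, along with missing or undecodable IVs, is still rejected after the change.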

Changed in dino-im (Ubuntu):
status: New → Fix Released
Changed in dino-im (Ubuntu Bionic):
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Julian Andres Klode (juliank)
description: updated
Julian Andres Klode (juliank) wrote :

I have installed dino-im from the security-proposed PPA and confirmed I could receive 12-byte IV messages sent by Conversations.

tags: added: verification-done-bionic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dino-im - 0.0.git20180130-1ubuntu0.1

---------------
dino-im (0.0.git20180130-1ubuntu0.1) bionic-security; urgency=high

  * Cherry pick upstream security fixes (LP: #1866113)
    - SECURITY UPDATE: Fix check of source of a carbons message (CVE-2019-16235)
    - SECURITY UPDATE: Check roster push authorization (CVE-2019-16236)
    - SECURITY UPDATE: Fix check of source of MAM message (CVE-2019-16237)
  * Accept IV sizes of 12 in addition to 16 to enable reading messages
    sent from clients using 12-byte IVs again (LP: #1866115)

 -- Julian Andres Klode <email address hidden> Wed, 04 Mar 2020 15:20:07 +0100

Changed in dino-im (Ubuntu Bionic):
status: In Progress → Fix Released