author | Eduardo Chappa <chappa@washington.edu> | 2015-09-18 22:17:44 -0600 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2015-09-18 22:17:44 -0600 |
commit | a5bec83c5704f49844a9232d16aab0b2b9bf633e (patch) | |
tree | dab972df7886336e6e9984e77308403c4155c468 | |
parent | 6bcba429b8feb23fa3de2ee8d77bfa80785676ed (diff) | |
download | alpine-a5bec83c5704f49844a9232d16aab0b2b9bf633e.tar.xz |
* SMIME: Crash if public certificates are located in an inaccessible
remote server and the private key is not available.
* SMIME: Management of several alternate name (SAN) certificates is
improved. When importing a SAN certificate, also import a certificate
for the filename, besides for the e-mail addresses in the
certificate.
* When saving an attachment, the "^T" command leads to a screen where the
"A" command can be used to add a file. A directory can be added by
pressing "^X" after the "A" command. Added after a suggestion by
Stefan Goessling.
-rw-r--r-- | alpine/imap.c | 11 | ||||
-rw-r--r-- | alpine/smime.c | 1 | ||||
-rw-r--r-- | pico/browse.c | 37 | ||||
-rw-r--r-- | pith/pine.hlp | 25 | ||||
-rw-r--r-- | pith/smime.c | 26 | ||||
-rw-r--r-- | pith/smkeys.c | 2 |
6 files changed, 80 insertions, 22 deletions
diff --git a/alpine/imap.c b/alpine/imap.c index 546a8aee..5e31e67e 100644 --- a/alpine/imap.c +++ b/alpine/imap.c @@ -2412,10 +2412,15 @@ read_passfile(pinerc, l) if(encrypted){ text = text2 = decrypt_file((char *)tmp, &i, (PERSONAL_CERT *)ps_global->pwdcert); switch(i){ + case -2: using_passfile = 0; + break; + case 1 : save_password = 1; + using_passfile = 1; break; case -1: save_password = 0; + using_passfile = 1; break; default: break; @@ -2425,7 +2430,11 @@ read_passfile(pinerc, l) fp = our_fopen(tmp, "rb"); /* reopen to read data */ #endif /* SMIME */ - using_passfile = 1; + if(using_passfile == 0){ + if(text) fs_give((void **)&text); + return using_passfile; + } + #ifdef SMIME for(n = 0; encrypted ? line_get(tmp, sizeof(tmp), &text2) : (fgets(tmp, sizeof(tmp), fp) != NULL); n++){ diff --git a/alpine/smime.c b/alpine/smime.c index 5e2ae752..71104b2c 100644 --- a/alpine/smime.c +++ b/alpine/smime.c @@ -1192,6 +1192,7 @@ void display_certificate_information(struct pine *ps, X509 *cert, char *email, W scrollargs.keys.menu = &smime_certificate_info_keymenu; setbitmap(scrollargs.keys.bitmap); if(ctype != Public || error != X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) +/*error != X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)*/ clrbitn(TRUST_KEY, scrollargs.keys.bitmap); if(ctype != Private){ clrbitn(PUBLIC_KEY, scrollargs.keys.bitmap); diff --git a/pico/browse.c b/pico/browse.c index 11d3eb3f..b60ef202 100644 --- a/pico/browse.c +++ b/pico/browse.c @@ -318,6 +318,7 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen, int status, i, j; int row, col, crow, ccol; int flags; + int add_file; char *p, *envp, child[NLINE], tmp[NLINE]; struct bmaster *mp; struct fcell *tp; @@ -1052,6 +1053,7 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen, break; } + add_file = 1; i = 0; child[0] = '\0'; /* pass in default filename */ 
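Review bot: In read_passfile the unconditional `using_passfile = 1;` after `#endif /* SMIME */` is removed, so on the unencrypted path, and in the `default:` case of `switch(i)` in the previous hunk, nothing visible sets the flag any more; unless it is assigned outside these hunks, a readable plain password file would no longer be marked as in use. Adding `using_passfile = 1;` after the new early-return block would restore the old behaviour for those paths. The added `if(using_passfile == 0)` block also sits after the `#endif` but reads `text`, which is only assigned inside the SMIME section, so a build without SMIME may fail if `text` is declared there too. The `-2`, `1` and `-1` results of decrypt_file now decide whether the password file is used at all and deserve a one-line comment each. The function body starts and ends outside both hunks.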
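Review bot: The added line `/*error != X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)*/` is commented-out code placed between the `if(ctype != Public || error != X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)` condition and its unbraced `clrbitn(TRUST_KEY, ...)` statement in display_certificate_information. That condition appears to decide when the trust command is offered for a certificate, so a reader needs to know whether the alternative error code was considered and rejected or is still planned. I would delete the line, or replace it with a why-comment above the `if` such as `/* keep Trust only for self-signed public certificates */`, and brace the body. The function starts and ends outside the hunk.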
@@ -1061,9 +1063,16 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen, } while(!i){ + int repaint = 0; + EXTRAKEYS opts[10]; - switch(status=mlreply_utf8(_("Name of file to add: "), child, NLINE, - QFFILE, NULL)){ + memset((void *) &opts, 0, 10*sizeof(EXTRAKEYS)); + opts[0].name = "^X"; + opts[0].label = add_file ? N_("Add Dir") : N_("Add File"); + opts[0].key = (CTRL|'X'); + + switch(status=mlreply_utf8(add_file ? _("Name of file to add: ") : _("Name of directory to add: "), child, NLINE, + QFFILE, opts)){ case HELPCH: emlwrite(_("\007No help yet!"), NULL); /* remove break and sleep after help text is installed */ @@ -1072,8 +1081,11 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen, case (CTRL|'L'): PaintBrowser(gmp, 0, &crow, &ccol); break; + case (CTRL|'X'): + if(add_file > 0) add_file = 0; else add_file = 1; + break; case ABORT: - emlwrite(_("Add File Cancelled"), NULL); + emlwrite(add_file > 0 ? _("Add File Cancelled") : _("Add Directory Cancelled"), NULL); i++; break; case FALSE: @@ -1088,7 +1100,7 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen, i++; if(child[0] == '\0'){ - emlwrite(_("No file named. Add Cancelled."), NULL); + emlwrite(add_file > 0 ? _("No file named. Add Cancelled.") : _("No directory named. Add Cancelled"), NULL); break; } @@ -1105,8 +1117,8 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen, } if((status = fexist(child, "w", (off_t *)NULL)) == FIOSUC){ - snprintf(tmp, sizeof(tmp), _("File \"%.*s\" already exists!"), - NLINE - 20, child); + snprintf(tmp, sizeof(tmp), _("%s \"%.*s\" already exists!"), + NLINE - 20, add_file > 0 ? "File" : "Directory", child); emlwrite(tmp, NULL); break; } 
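Review bot: In the `while(!i)` loop of FileBrowse the new `memset((void *) &opts, 0, 10*sizeof(EXTRAKEYS));` repeats the array length by hand, so it can drift from the declaration `EXTRAKEYS opts[10]`; `memset(opts, 0, sizeof(opts));` ties the two together. The toggle added in the next hunk, `if(add_file > 0) add_file = 0; else add_file = 1;`, reads more directly as `add_file = !add_file;`. Only `opts[0]` is filled, so a short comment saying that the zeroed entries end the key list would help, if that is how mlreply_utf8 reads the array.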
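Review bot: The rewritten `snprintf` in the hunk at -1105 passes its arguments in an order that does not match the new format `"%s \"%.*s\" already exists!"`: `%s` receives the integer `NLINE - 20` and the `*` precision receives the `"File"`/`"Directory"` pointer, which is undefined behaviour and will likely crash whenever the named file or directory already exists. The argument list should read `add_file > 0 ? "File" : "Directory", NLINE - 20, child);`. The two nouns also bypass `_()`, unlike the other messages in this change, so they stay untranslated. The enclosing FileBrowse loop continues outside the hunk.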
@@ -1115,7 +1127,15 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen, break; } - if(ffwopen(child, FALSE) != FIOSUC){ + if(add_file == 0){ + if(our_mkdir(child, (0700)) < 0){ + eml.s = child; + emlwrite(_("Error adding Directory \"%s\""), &eml); + } + else /* success! Directory added! */ + repaint = 1; + } + else if(ffwopen(child, FALSE) != FIOSUC){ /* ffwopen should've complained */ break; } @@ -1123,7 +1143,10 @@ FileBrowse(char *dir, size_t dirlen, char *fn, size_t fnlen, ffclose(); eml.s = child; emlwrite(_("Added File \"%s\""), &eml); + repaint = 1; + } + if(repaint > 0){ if((p = strrchr(child, C_FILESEP)) == NULL){ emlwrite(_("Problems refiguring browser"), NULL); break; diff --git a/pith/pine.hlp b/pith/pine.hlp index cac10d74..6fdbd01f 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 102 2015-09-09 19:01:06 +Alpine Commit 103 2015-09-18 22:15:37 ============= h_news ================= <HTML> <HEAD> @@ -204,6 +204,17 @@ Additions include: certificate management screen for certificate authorities. Suggested by Matthias Rieber. + <LI> SMIME: Management of several alternate name (SAN) certificates is + improved. When importing a SAN certificate, also import a certificate + for the filename, besides for the e-mail addresses in the + certificate. Suggested by Matthias Rieber. + + <LI> SMIME: add full year when displaying information about a certificate + in the certificate management screen. Suggested by Matthias Rieber. + + <LI> SMIME: sort certificates by some type of alphabetical order in the + displayed name. + <LI> HTML: Add support for decoding entities in hexadecimal notation. Suggested by Tulipánt Gergely. 
@@ -260,11 +271,10 @@ Additions include: <LI> Reimplementation of the code that allows the .pinerc file to be a symbolic link by Kyle George from tcpsoft.com to use realpath. - <LI> SMIME: add full year when displaying information about a certificate - in the certificate management screen. Suggested by Matthias Rieber. - - <LI> SMIME: sort certificates by some type of alphabetical order in the - displayed name. + <LI> When saving an attachment, the "^T" command leads to a screen where the + "A" command can be used to add a file. A directory can be added by + pressing "^X" after the "A" command. Added after a suggestion by + Stefan Goessling. </UL> @@ -290,6 +300,9 @@ Bugs that have been addressed include: <LI> SMIME: certificates included in messages were not being transferred to a remote container. + <LI> SMIME: Crash if public certificates are located in an inaccessible + remote server and the private key is not available. + <LI> Pico: Searching for a string that is too long causes Pico to crash in the next search. diff --git a/pith/smime.c b/pith/smime.c index c8c350be..01e0df09 100644 --- a/pith/smime.c +++ b/pith/smime.c @@ -211,10 +211,12 @@ setup_pwdcert(void **pwdcert) EVP_PKEY *pkey = NULL; X509 *pcert = NULL; PERSONAL_CERT *pc, *pc2 = NULL; + static int was_here = 0; - if(pwdcert == NULL) + if(pwdcert == NULL || was_here == 1) return; + was_here++; if(ps_global->pwdcertdir){ if(our_stat(ps_global->pwdcertdir, &sbuf) == 0 && ((sbuf.st_mode & S_IFMT) == S_IFDIR)){ @@ -232,11 +234,15 @@ setup_pwdcert(void **pwdcert) setup_dir++; } - if(setup_dir == 0) + if(setup_dir == 0){ + was_here = 0; return; + } - if(load_key_and_cert(pathdir, pathdir, &keyfile, &certfile, &pkey, &pcert) < 0) + if(load_key_and_cert(pathdir, pathdir, &keyfile, &certfile, &pkey, &pcert) < 0){ + was_here = 0; return; + } if(certfile && keyfile){ pc = (PERSONAL_CERT *) fs_get(sizeof(PERSONAL_CERT)); 
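Review bot: The `static int was_here` guard added to setup_pwdcert has to be cleared by hand before every `return`, and the hunks at -232, -246, -363, -415 and -422 each add their own `was_here = 0;`; any exit path between the hunks that is missed leaves the guard set and turns every later call into a silent no-op, so password-file encryption would not be set up again in that session. A single exit is less fragile: replace the early returns with `goto done;` and put `done: was_here = 0;` just before the final `if(we_inited) smime_deinit();` cleanup, after checking that the early exits can safely reach that cleanup. The declaration should carry a comment naming the re-entrant call the guard protects against, since the commit message mentions only the crash. Parts of the function lie between the hunks and are not visible here.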
@@ -246,14 +252,17 @@ setup_pwdcert(void **pwdcert) pc->cert = pcert; *pwdcert = (void *) pc; fs_give((void **)&certfile); + was_here = 0; return; } /* if the user gave a pwdcertdir and there is nothing there, do not * continue. Let the user initialize on their own this directory. */ - if(ps_global->pwdcertdir != NULL) + if(ps_global->pwdcertdir != NULL){ + was_here = 0; return; + } /* look to see if there are any certificates lying around, first * we try to load ps_global->smime to see if that has information @@ -363,6 +372,7 @@ setup_pwdcert(void **pwdcert) if(setup_dir){ *pwdcert = (void *) pc2; + was_here = 0; return; } else if(pc2 != NULL) @@ -415,6 +425,7 @@ setup_pwdcert(void **pwdcert) pc->cert = pcert; *pwdcert = (void *) pc; fs_give((void **)&certfile); + was_here = 0; return; } @@ -422,7 +433,7 @@ setup_pwdcert(void **pwdcert) q_status_message(SM_ORDER, 2, 2, _("No key/certificate pair found for password file encryption support")); */ - + was_here = 0; if(we_inited) smime_deinit(); } @@ -685,8 +696,9 @@ import_certificate(WhichCerts ctype) } fs_give((void **)email); } - else - save_cert_for(filename, cert, Public); + if(strcmp(filename + strlen(filename) - 4, ".crt") == 0) + filename[strlen(filename) - 4] = '\0'; + save_cert_for(filename, cert, Public); } else /* if(SMHOLDERTYPE(ctype) == Container){ */ add_file_to_container(ctype, full_filename, NULL); diff --git a/pith/smkeys.c b/pith/smkeys.c index c6feb567..17357378 100644 --- a/pith/smkeys.c +++ b/pith/smkeys.c @@ -255,7 +255,7 @@ smime_get_cn(X509_NAME *subject) { char buf[256]; X509_NAME_ENTRY *e; - e = X509_NAME_get_entry(subject, X509_NAME_entry_count(subject)-2); + e = X509_NAME_get_entry(subject, X509_NAME_entry_count(subject)-1); if(e) X509_NAME_get_text_by_OBJ(subject, e->object, buf, sizeof(buf)); return cpystr(buf); |
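Review bot: The new suffix check `strcmp(filename + strlen(filename) - 4, ".crt")` in import_certificate computes a pointer before the start of `filename` when the name is shorter than four characters, which is an out-of-bounds read on a name whose length this hunk does not constrain. Take the length once and bound it: `size_t len = strlen(filename);` followed by `if(len > 4 && strcmp(filename + len - 4, ".crt") == 0) filename[len - 4] = '\0';`. The truncation edits `filename` in place, so any later use of the same buffer outside this hunk sees the shortened name. The function starts and ends outside the hunk.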
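Review bot: smime_get_cn still calls `cpystr(buf)` when `e` is NULL, for example when the subject has no entries and the index becomes -1, and in that case `buf` is uninitialised stack memory; changing `-2` to `-1` does not address this. Declaring it as `char buf[256] = "";` and checking the result of X509_NAME_get_text_by_OBJ closes that gap. Picking the entry by position also assumes the common name is always the last entry of the subject, which the certificate's issuer controls; `X509_NAME_get_text_by_NID(subject, NID_commonName, buf, sizeof(buf))` selects it by type instead. The function's closing lines are outside the hunk.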