summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEduardo Chappa <chappa@washington.edu>2017-07-14 08:30:59 -0600
committerEduardo Chappa <chappa@washington.edu>2017-07-14 08:30:59 -0600
commitbc3f61e54599136fb264cf4074abb685b866eb85 (patch)
tree02d61412d65f5f3d51c82877ef0c4a6fcde02927
parent65dea5ff595b089c5d46131381f01d84b7dfd79a (diff)
downloadalpine-bc3f61e54599136fb264cf4074abb685b866eb85.tar.xz
* Fix crash when a CA certificate failed to load, by protecting some calls
when s_cert_store is NULL, and also only freeing s_cert_store when all certificates in the .alpine-smime/ca directory fail to load.
-rw-r--r--pith/pine.hlp5
-rw-r--r--pith/smime.c6
-rw-r--r--pith/smkeys.c7
3 files changed, 12 insertions, 6 deletions
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 2f75dd38..2d436fdc 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
reasonable place to be called from.
Dummy change to get revision in pine.hlp
============= h_revision =================
-Alpine Commit 211 2017-05-04 22:18:31
+Alpine Commit 212 2017-07-14 08:25:45
============= h_news =================
<HTML>
<HEAD>
@@ -181,6 +181,9 @@ Bugs that have been addressed include:
<UL>
<LI> Crash when attempting to bounce a message due to lack of space in
allocated space for key menu array. Reported by David Sewell.
+
+ <LI> Crash when a CA certificate failed to load, and user attempted to
+ view certificate information of other certificate authorities.
</UL>
<P>
diff --git a/pith/smime.c b/pith/smime.c
index 1878988f..50c0dcc1 100644
--- a/pith/smime.c
+++ b/pith/smime.c
@@ -643,7 +643,7 @@ import_certificate(WhichCerts ctype, PERSONAL_CERT *p_cert, char *fname)
} else {
char *s;
strncpy(full_filename, fname, sizeof(full_filename));
- if((s = strrchr(full_filename, '/')) != '\0')
+ if((s = strrchr(full_filename, '/')) != NULL)
strncpy(filename, s+1, sizeof(filename));
}
@@ -1295,7 +1295,7 @@ int smime_validate_cert(X509 *cert, long *error)
ERR_clear_error();
*error = 0;
- if((csc = X509_STORE_CTX_new()) != NULL){
+ if((s_cert_store != NULL) && (csc = X509_STORE_CTX_new()) != NULL){
X509_STORE_set_flags(s_cert_store, 0);
if(X509_STORE_CTX_init(csc,s_cert_store,cert,NULL)
&& X509_verify_cert(csc) <= 0)
@@ -3605,7 +3605,7 @@ get_chain_for_cert(X509 *cert, int *error, int *level)
*level = -1;
*error = 0;
ERR_clear_error();
- if((ctx = X509_STORE_CTX_new()) != NULL){
+ if((s_cert_store != NULL) && (ctx = X509_STORE_CTX_new()) != NULL){
X509_STORE_set_flags(s_cert_store, 0);
if(!X509_STORE_CTX_init(ctx, s_cert_store, cert, NULL))
*error = X509_STORE_CTX_get_error(ctx);
diff --git a/pith/smkeys.c b/pith/smkeys.c
index 46501d08..d899f4f8 100644
--- a/pith/smkeys.c
+++ b/pith/smkeys.c
@@ -673,16 +673,17 @@ add_certs_in_dir(X509_LOOKUP *lookup, char *path, char *ext, CertList **cdata)
struct direct *d;
DIR *dirp;
CertList *cert, *cl;
- int ret = 0;
+ int ret = 0, nfiles = 0, nerr = 0;
if((dirp = opendir(path)) != NULL){
while(!ret && (d=readdir(dirp)) != NULL){
if(srchrstr(d->d_name, ext)){
+ nfiles++;
build_path(buf, path, d->d_name, sizeof(buf));
if(!X509_LOOKUP_load_file(lookup, buf, X509_FILETYPE_PEM)){
q_status_message1(SM_ORDER, 3, 3, _("Error loading file %s"), buf);
- ret = -1;
+ nerr++;
} else {
if(cdata){
BIO *in;
@@ -719,6 +720,8 @@ add_certs_in_dir(X509_LOOKUP *lookup, char *path, char *ext, CertList **cdata)
closedir(dirp);
}
+ /* if all certificates fail to load */
+ if(nerr == nfiles) ret = -1;
return ret;
}