diff options
author | Eduardo Chappa <chappa@washington.edu> | 2017-07-14 08:30:59 -0600 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2017-07-14 08:30:59 -0600 |
commit | bc3f61e54599136fb264cf4074abb685b866eb85 (patch) | |
tree | 02d61412d65f5f3d51c82877ef0c4a6fcde02927 | |
parent | 65dea5ff595b089c5d46131381f01d84b7dfd79a (diff) | |
download | alpine-bc3f61e54599136fb264cf4074abb685b866eb85.tar.xz |
* Fix crash when a CA certificate failed to load, by protecting some calls
when s_cert_store is NULL, and also only freeing s_cert_store when all
certificates in the .alpine-smime/ca directory fail to load.
-rw-r--r-- | pith/pine.hlp | 5 | ||||
-rw-r--r-- | pith/smime.c | 6 | ||||
-rw-r--r-- | pith/smkeys.c | 7 |
3 files changed, 12 insertions, 6 deletions
diff --git a/pith/pine.hlp b/pith/pine.hlp index 2f75dd38..2d436fdc 100644 --- a/pith/pine.hlp +++ b/pith/pine.hlp @@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any reasonable place to be called from. Dummy change to get revision in pine.hlp ============= h_revision ================= -Alpine Commit 211 2017-05-04 22:18:31 +Alpine Commit 212 2017-07-14 08:25:45 ============= h_news ================= <HTML> <HEAD> @@ -181,6 +181,9 @@ Bugs that have been addressed include: <UL> <LI> Crash when attempting to bounce a message due to lack of space in allocated space for key menu array. Reported by David Sewell. + + <LI> Crash when a CA certificate failed to load, and user attempted to + view certificate information of other certificate authorities. </UL> <P> diff --git a/pith/smime.c b/pith/smime.c index 1878988f..50c0dcc1 100644 --- a/pith/smime.c +++ b/pith/smime.c @@ -643,7 +643,7 @@ import_certificate(WhichCerts ctype, PERSONAL_CERT *p_cert, char *fname) } else { char *s; strncpy(full_filename, fname, sizeof(full_filename)); - if((s = strrchr(full_filename, '/')) != '\0') + if((s = strrchr(full_filename, '/')) != NULL) strncpy(filename, s+1, sizeof(filename)); } @@ -1295,7 +1295,7 @@ int smime_validate_cert(X509 *cert, long *error) ERR_clear_error(); *error = 0; - if((csc = X509_STORE_CTX_new()) != NULL){ + if((s_cert_store != NULL) && (csc = X509_STORE_CTX_new()) != NULL){ X509_STORE_set_flags(s_cert_store, 0); if(X509_STORE_CTX_init(csc,s_cert_store,cert,NULL) && X509_verify_cert(csc) <= 0) @@ -3605,7 +3605,7 @@ get_chain_for_cert(X509 *cert, int *error, int *level) *level = -1; *error = 0; ERR_clear_error(); - if((ctx = X509_STORE_CTX_new()) != NULL){ + if((s_cert_store != NULL) && (ctx = X509_STORE_CTX_new()) != NULL){ X509_STORE_set_flags(s_cert_store, 0); if(!X509_STORE_CTX_init(ctx, s_cert_store, cert, NULL)) *error = X509_STORE_CTX_get_error(ctx); diff --git a/pith/smkeys.c b/pith/smkeys.c index 46501d08..d899f4f8 100644 --- a/pith/smkeys.c +++ b/pith/smkeys.c @@ -673,16 +673,17 @@ add_certs_in_dir(X509_LOOKUP *lookup, char *path, char *ext, CertList **cdata) struct direct *d; DIR *dirp; CertList *cert, *cl; - int ret = 0; + int ret = 0, nfiles = 0, nerr = 0; if((dirp = opendir(path)) != NULL){ while(!ret && (d=readdir(dirp)) != NULL){ if(srchrstr(d->d_name, ext)){ + nfiles++; build_path(buf, path, d->d_name, sizeof(buf)); if(!X509_LOOKUP_load_file(lookup, buf, X509_FILETYPE_PEM)){ q_status_message1(SM_ORDER, 3, 3, _("Error loading file %s"), buf); - ret = -1; + nerr++; } else { if(cdata){ BIO *in; @@ -719,6 +720,8 @@ add_certs_in_dir(X509_LOOKUP *lookup, char *path, char *ext, CertList **cdata) closedir(dirp); } + /* if all certificates fail to load */ + if(nerr == nfiles) ret = -1; return ret; } |