* new version 2.20.3

   * SMIME: If a message contains a RFC822 atachment that is
     signed/decrypted add the ability to view its SMIME information.

   * SMIME: The ^E command that gives information on the certificate
     is only available for messages that have a signed or encrypted part.

   * Fix vulnerability in regex library. This only affects those who use
     this library, such as the windows version of Alpine. See
     http://www.kb.cert.org/vuls/id/695940.

   * HTML: Add support for decoding entities in hexadecimal notation.
     Suggested by Tulipánt Gergely.

   * Pico: Add the ability to search for strings in the beginning or end
     of a line. In the search menu, pressing Ctrl-^ toggles the prompt
     to search for a string at the beginning of a line. Another press of
     Ctrl-^ toggles the prompt to search for a string at the end of a line,
     and pressing Ctrl-^ one more time searches for the string anywhere in
     the text.

1 files changed, 1 insertions, 2 deletions

diff --git a/pith/smime.c b/pith/smime.c
index 3482e045..99c80c03 100644
--- a/pith/smime.c
+++ b/pith/smime.c
@@ -560,18 +560,17 @@ load_pkey_with_prompt(char *fpath, char *text, char *prompt)
   in = text ? BIO_new_mem_buf(text, strlen(text)) : BIO_new_file(fpath, "r");
   if(in != NULL){
      pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, "");
-     BIO_free(in);
      if(pkey != NULL) return pkey;
   }
 
   if(pith_smime_enter_password)
     while(pkey == NULL && rc != 1){
-       in = text ? BIO_new_mem_buf(text, strlen(text)) : BIO_new_file(fpath, "r");
        if(in != NULL){
 	 do {
 	   rc = (*pith_smime_enter_password)(prompt, (char *)pass, sizeof(pass));
 	 } while (rc!=0 && rc!=1 && rc>0);
 
+	 (void) BIO_reset(in);
 	 pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, (char *)pass);
 	 BIO_free(in);
        }