catch NULL dereference with bad s/mime signature

Philipp Gesang philipp.gesang at intra2net.com
Mon Jun 18 09:30:05 UTC 2018


Hi,

mutt (1.10+25) crashes on S/MIME email from a particular sender
(apparently generated by some exchange / outlook for mac os
combination):

    ==23080== Process terminating with default action of signal 11 (SIGSEGV): dumping core
    ==23080==  Access not within mapped region at address 0x0
    ==23080==    at 0x4C30B82: strlen (vg_replace_strmem.c:458)
    ==23080==    by 0x688E734: fputs (iofputs.c:33)
    ==23080==    by 0x47A30C: print_smime_keyinfo.isra.15 (crypt-gpgme.c:1386)
    ==23080==    by 0x47A995: show_one_sig_status (crypt-gpgme.c:1502)
    ==23080==    by 0x47B26D: verify_one.isra.17 (crypt-gpgme.c:1587)
    ==23080==    by 0x4145E0: mutt_signed_handler (crypt.c:1005)
    ==23080==    by 0x436432: run_decode_and_handler (handler.c:1670)
    ==23080==    by 0x436725: mutt_body_handler (handler.c:1811)
    ==23080==    by 0x41C852: _mutt_copy_message (copy.c:617)
    ==23080==    by 0x41CDB7: mutt_copy_message (copy.c:705)
    ==23080==    by 0x415BA6: mutt_display_message (commands.c:149)
    ==23080==    by 0x421124: mutt_index_menu (curs_main.c:1378)

It crashes because at that point the fingerprint hasn't been filled
in by gpgme (1.8.0 on Fedora 26).

With the attached patch applied, I now get:

    [-- Begin signature information --]
    Problem signature from: no signature fingerprint available
    Can't verify due to a missing key or certificate
    [-- End signature information --]

    [-- The following data is signed --]

instead of the segfault.

Best,
Philipp

-------------- next part --------------
From fd4d754d457e0819bb6b9e417afb33c26f87bf55 Mon Sep 17 00:00:00 2001
From: Philipp Gesang <philipp.gesang at intra2net.com>
Date: Mon, 18 Jun 2018 11:21:38 +0200
Subject: [PATCH] crypt-gpgme: prevent crash on bad S/MIME signature

Inform the user about the fingerprint being unavailable instead
of crashing if the S/MIME signature is bad.
---
 crypt-gpgme.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/crypt-gpgme.c b/crypt-gpgme.c
index 700a3630..f2af8986 100644
--- a/crypt-gpgme.c
+++ b/crypt-gpgme.c
@@ -1382,8 +1382,12 @@ static void print_smime_keyinfo (const char* msg, gpgme_signature_t sig,
   }
   else
   {
-    state_puts (_("KeyID "), s);
-    state_puts (sig->fpr, s);
+    if (sig->fpr == NULL)
+      state_puts (_("no signature fingerprint available"), s);
+    else {
+      state_puts (_("KeyID "), s);
+      state_puts (sig->fpr, s);
+    }
     state_puts ("\n", s);
   }
 
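Review bot: the added `else {` in this hunk puts the opening brace on the same line as the keyword, while the unchanged context lines directly above (`else` on one line, `{` on the next) show the file uses Allman-style braces; moving the `{` to its own line keeps print_smime_keyinfo consistent with itself. The NULL guard itself addresses exactly the failure in the valgrind trace (state_puts on a NULL sig->fpr ending in strlen via fputs), and the fallback string is wrapped in _() like the other messages, so only the formatting needs a touch.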
-- 
2.13.6
