catch NULL dereference with bad s/mime signature
Philipp Gesang
philipp.gesang at intra2net.com
Mon Jun 18 09:30:05 UTC 2018
Hi,
mutt (1.10+25) crashes on S/MIME email from a particular sender
(apparently generated by some exchange / outlook for mac os
combination):
==23080== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==23080== Access not within mapped region at address 0x0
==23080== at 0x4C30B82: strlen (vg_replace_strmem.c:458)
==23080== by 0x688E734: fputs (iofputs.c:33)
==23080== by 0x47A30C: print_smime_keyinfo.isra.15 (crypt-gpgme.c:1386)
==23080== by 0x47A995: show_one_sig_status (crypt-gpgme.c:1502)
==23080== by 0x47B26D: verify_one.isra.17 (crypt-gpgme.c:1587)
==23080== by 0x4145E0: mutt_signed_handler (crypt.c:1005)
==23080== by 0x436432: run_decode_and_handler (handler.c:1670)
==23080== by 0x436725: mutt_body_handler (handler.c:1811)
==23080== by 0x41C852: _mutt_copy_message (copy.c:617)
==23080== by 0x41CDB7: mutt_copy_message (copy.c:705)
==23080== by 0x415BA6: mutt_display_message (commands.c:149)
==23080== by 0x421124: mutt_index_menu (curs_main.c:1378)
It crashes because at that point the fingerprint hasn't been filled
in by gpgme (1.8.0 on Fedora 26).
With the attached patch applied, I now get:
[-- Begin signature information --]
Problem signature from: no signature fingerprint available
Can't verify due to a missing key or certificate
[-- End signature information --]
[-- The following data is signed --]
instead of the segfault.
Best,
Philipp
-------------- next part --------------
From fd4d754d457e0819bb6b9e417afb33c26f87bf55 Mon Sep 17 00:00:00 2001
From: Philipp Gesang <philipp.gesang at intra2net.com>
Date: Mon, 18 Jun 2018 11:21:38 +0200
Subject: [PATCH] crypt-gpgme: prevent crash on bad S/MIME signature
Inform the user about the fingerprint being unavailable instead
of crashing if the S/MIME signature is bad.
---
crypt-gpgme.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/crypt-gpgme.c b/crypt-gpgme.c
index 700a3630..f2af8986 100644
--- a/crypt-gpgme.c
+++ b/crypt-gpgme.c
@@ -1382,8 +1382,12 @@ static void print_smime_keyinfo (const char* msg, gpgme_signature_t sig,
}
else
{
- state_puts (_("KeyID "), s);
- state_puts (sig->fpr, s);
+ if (sig->fpr == NULL)
+ state_puts (_("no signature fingerprint available"), s);
+ else {
+ state_puts (_("KeyID "), s);
+ state_puts (sig->fpr, s);
+ }
state_puts ("\n", s);
}
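Review bot: the added "else {" puts the opening brace on the same line as the keyword, while the surrounding code in this hunk ("}" / "else" / "{" on separate lines just above) keeps braces on their own lines; moving the brace to its own line keeps the file consistent. Minor wording point on the same hunk: the guard tests sig->fpr == NULL and the text printed is "no signature fingerprint available", so what is handled is a missing fingerprint rather than a bad signature as the patch subject says; naming the missing fingerprint in the commit message would make the condition easier to find later.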
--
2.13.6
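To see the guarded rendering outside of mutt, here is an added, self-contained C example (not mutt's or gpgme's code). It models a gpgme signature list with a stand-in struct that carries only the two fields needed, fpr and next, and renders the key info into a caller-supplied buffer in the same shape as the patched print_smime_keyinfo, without ever handing a NULL pointer to the string routines. The function and struct names, the buffer-based output and the sample fingerprints are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the part of gpgme_signature_t this example needs.
 * Assumption: the real gpgme struct has many more fields; only the
 * fingerprint pointer and the list link are modelled here. */
struct sig_info {
    const char *fpr;        /* NULL when gpgme could not fill in a fingerprint */
    struct sig_info *next;  /* next signature on the message, or NULL */
};

/* Append s to the NUL-terminated string in buf (capacity n bytes).
 * A NULL s is ignored instead of being passed to strlen/strncat,
 * and output is silently truncated when the buffer is full. */
static void append(char *buf, size_t n, const char *s)
{
    size_t used = strlen(buf);
    if (s == NULL || used + 1 >= n)
        return;
    strncat(buf, s, n - used - 1);
}

/* Render one "KeyID <fpr>" line per signature, or the fallback text
 * when the fingerprint is missing. Returns the number of signatures
 * without a fingerprint, or -1 if the buffer has no room at all. */
int render_keyinfo(const struct sig_info *sig, char *buf, size_t n)
{
    int missing = 0;

    if (n == 0)
        return -1;
    buf[0] = '\0';

    for (; sig != NULL; sig = sig->next) {
        if (sig->fpr == NULL) {
            /* This is the case that used to reach fputs(NULL, ...). */
            append(buf, n, "no signature fingerprint available\n");
            missing++;
        } else {
            append(buf, n, "KeyID ");
            append(buf, n, sig->fpr);
            append(buf, n, "\n");
        }
    }
    return missing;
}

int main(void)
{
    /* Constructed sample: one signature with a (made-up) fingerprint,
     * followed by one for which gpgme left fpr unset. */
    struct sig_info without = { NULL, NULL };
    struct sig_info with = { "0123456789ABCDEF0123456789ABCDEF01234567", &without };
    char buf[256];
    int missing = render_keyinfo(&with, buf, sizeof buf);

    fputs(buf, stdout);
    printf("%d signature(s) without fingerprint\n", missing);
    return 0;
}
```

The list walk mirrors how a verifier iterates gpgme's signature chain, so the same guard applies to every signature on a multiply-signed message, not just the first; the truncating append keeps the rendering safe even when the caller's buffer is small.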