Ticket #2684 (closed defect: fixed)

Opened 20 months ago

Last modified 7 weeks ago

crash on s/mime verification

Reported by: sertac.liste@… Owned by: mutt-dev
Priority: major Milestone: 1.6
Component: crypto Version: tried with 1.5.13 and 1.5.13cvs (2007-01-09)
Keywords: Cc:

Description (last modified by brendan)

I tried to verify an S/MIME-signed test mail with a GPG-encrypted body. But I noticed two problems:

1. mutt asks for my s/mime password, but it shouldn't need it for verification.

2. After decrypting the body it crashes.

Program received signal SIGSEGV, Segmentation fault.
safe_strdup (s=0x2d746e65 <Address 0x2d746e65 out of bounds>) at lib.c:214
214       if (!s || !*s)
(gdb) bt
#0  safe_strdup (s=0x2d746e65 <Address 0x2d746e65 out of bounds>) at lib.c:214
#1  0x080a9ee7 in mutt_write_mime_header (a=0x99fbe60, f=0x99fbe60) at sendlib.c:324
#2  0x080612d5 in _mutt_copy_message (fpout=0x99fbe60, fpin=0x99d2018, hdr=0x99d2b48, body=0x99d3020, flags=1024, chflags=770) at copy.c:687
#3  0x08061a6a in mutt_copy_message (fpout=0x99fbe60, src=0x99422c0, hdr=0x99d2b48, flags=1024, chflags=770) at copy.c:742
#4  0x080c692b in smime_verify_sender (h=0x99d2b48) at smime.c:1174
#5  0x0805b685 in mutt_display_message (cur=0x99d2b48) at commands.c:185
#6  0x080663d8 in mutt_index_menu () at curs_main.c:1366
#7  0x08080b55 in main (argc=4, argv=0xbfaf6184) at main.c:1023

cur is not initialised here:

687         mutt_write_mime_header (cur, fpout);

so after sendlib.c:308 :

(gdb) x cur->subtype
0xb7fa2000:      "Content-Type: message/Content-Type: message/Content-Type: message/Content-Type: message/Content-Type: message/Content-Type: message/Content-Type: message/Content-Type: message/Content-Type: message/Co"...

Fix:

This patch prevents the crash, but I'm not sure if it is correct or not.

--- mutt-1.5.13/copy.c.old      2007-01-05 00:01:38.000000000 +0200
+++ mutt-1.5.13/copy.c  2007-01-05 00:01:48.000000000 +0200
@@ -677,7 +677,7 @@ _mutt_copy_message (FILE *fpout, FILE *f
 
     if ((WithCrypto & APPLICATION_SMIME)
         && (flags & M_CM_DECODE_SMIME) && (hdr->security & APPLICATION_SMIME)
-             && hdr->content->type == TYPEAPPLICATION)
+             && hdr->content->type == TYPEMULTIPART)
     {
       if (crypt_smime_decrypt_mime (fpin, &fp, hdr->content, &cur))
        return (-1);
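
Review bot: Switching the test from TYPEAPPLICATION to TYPEMULTIPART changes which messages reach crypt_smime_decrypt_mime rather than guaranteeing that cur is set before mutt_write_mime_header (cur, fpout) at copy.c:687. With this condition, an S/MIME message whose hdr->content->type is TYPEAPPLICATION no longer enters the branch, so the path with an unset cur is moved, not removed. I would keep the original type test, initialise cur to NULL where it is declared, and return (-1) before line 687 if no decrypt branch assigned it.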

Change History

Changed 17 months ago by brendan

  • owner changed from mutt-dev to brendan
  • status changed from new to assigned
  • component changed from mutt to crypto
  • description modified
  • milestone set to 1.6

Changed 17 months ago by brendan

  • owner changed from brendan to mutt-dev
  • status changed from assigned to new

Changed 3 months ago by brendan

  • priority changed from minor to major

Changed 7 weeks ago by brendan

  • status changed from new to closed
  • resolution set to fixed

(In [17525e17fa7b]) Bail out of copy if decryption is requested but the desired engine is missing. This closes #2684, but handling of mixed crypto in a single message needs more investigation.
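
Added example, not mutt's code and not the code of the changeset above: a small constructed model of the bug class in this ticket, where a pointer is assigned only inside conditional decrypt branches and then used unconditionally. All names (copy_decoded, fake_decrypt, the ENGINE_/DECODE_ constants, struct part) are hypothetical; the hardening shown is initialising the pointer to NULL and bailing out when no branch set it.

```c
/* Added example: constructed model, all names hypothetical (not mutt's code). */
#include <stdio.h>
#include <stddef.h>

#define ENGINE_PGP   1   /* crypto engine / security bits */
#define ENGINE_SMIME 2
#define DECODE_PGP   1   /* what the caller asked the copy to decode */
#define DECODE_SMIME 2

enum part_type { PART_APPLICATION, PART_MULTIPART };
struct part { enum part_type type; const char *subtype; };

/* Constructed sample inputs. */
static const struct part signed_multipart = { PART_MULTIPART, "signed" };
static const struct part smime_opaque = { PART_APPLICATION, "pkcs7-mime" };
static struct part plaintext = { PART_APPLICATION, "octet-stream" };

/* Stand-in for a decrypt routine: on success it sets *out. */
static int fake_decrypt(struct part **out) { *out = &plaintext; return 0; }

/* Returns 0 after writing a header for the decrypted part, -1 otherwise. */
int copy_decoded(FILE *fpout, const struct part *content,
                 int engines, int flags, int security)
{
    struct part *cur = NULL;  /* without this, cur is indeterminate below */

    if ((engines & ENGINE_PGP) && (flags & DECODE_PGP)
        && (security & ENGINE_PGP) && content->type == PART_MULTIPART) {
        if (fake_decrypt(&cur))
            return -1;
    } else if ((engines & ENGINE_SMIME) && (flags & DECODE_SMIME)
        && (security & ENGINE_SMIME) && content->type == PART_APPLICATION) {
        if (fake_decrypt(&cur))
            return -1;
    }

    if (cur == NULL)  /* decode requested, but no branch produced a part */
        return -1;    /* bail out instead of dereferencing cur */

    fprintf(fpout, "Content-Type: %s/%s\n", "application", cur->subtype);
    return 0;
}

int main(void)
{
    /* S/MIME decode requested on a multipart body: no branch matches. */
    printf("%d\n", copy_decoded(stdout, &signed_multipart, 3, DECODE_SMIME, ENGINE_SMIME));
    printf("%d\n", copy_decoded(stdout, &smime_opaque, 3, DECODE_SMIME, ENGINE_SMIME));
    return 0;
}
```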
