[prev in list] [next in list] [prev in thread] [next in thread]
List: mutt-dev
Subject: [PATCH 1 of 2] Fix menu type in certificate prompt.
From: "Kevin J. McCarthy" <kevin () 8t8 ! us>
Date: 2015-09-27 6:44:33
Message-ID: 20150927064433.GB1136 () qinghai
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
The menu type is used in several places as a direct index into
Keymaps[], so passing in -1 to mutt_new_menu() was leading to illegal
memory accesses later on.
Add a range check in mutt_new_menu(), defaulting to MENU_GENERIC, to
prevent this problem in the future.
--=20
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
http://www.8t8.us/configs/gpg-key-transition-statement.txt
["01-fix-menu-type.patch" (text/plain)]
# HG changeset patch
# User Kevin McCarthy <kevin@8t8.us>
# Date 1443335580 -28800
# Sun Sep 27 14:33:00 2015 +0800
# Node ID c1cb2f94e0bad0442d2bfd22274a8c758f3a2951
# Parent aec82c4dd826f236e5fd2eeb362bb6a9a44882f6
Fix menu type in certificate prompt. (see #3779)
The menu type is used in several places as a direct index into
Keymaps[], so passing in -1 to mutt_new_menu() was leading to illegal
memory accesses later on.
Add a range check in mutt_new_menu(), defaulting to MENU_GENERIC, to
prevent this problem in the future.
diff --git a/menu.c b/menu.c
--- a/menu.c
+++ b/menu.c
@@ -679,16 +679,19 @@
for (i = 0; i < MENU_MAX; i++)
SearchBuffers[i] = NULL;
}
MUTTMENU *mutt_new_menu (int menu)
{
MUTTMENU *p = (MUTTMENU *) safe_calloc (1, sizeof (MUTTMENU));
+ if ((menu < 0) || (menu >= MENU_MAX))
+ menu = MENU_GENERIC;
+
p->menu = menu;
p->current = 0;
p->top = 0;
p->offset = 1;
p->redraw = REDRAW_FULL;
p->pagelen = PAGELEN;
p->color = default_color;
p->search = menu_search_generic;
diff --git a/mutt_ssl.c b/mutt_ssl.c
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -972,17 +972,17 @@
static int interactive_check_cert (X509 *cert, int idx, int len)
{
static const char * const part[] =
{"/CN=", "/Email=", "/O=", "/OU=", "/L=", "/ST=", "/C="};
char helpstr[LONG_STRING];
char buf[STRING];
char title[STRING];
- MUTTMENU *menu = mutt_new_menu (-1);
+ MUTTMENU *menu = mutt_new_menu (MENU_GENERIC);
int done, row, i;
FILE *fp;
char *name = NULL, *c;
dprint (2, (debugfile, "interactive_check_cert: %s\n", cert->name));
menu->max = 19;
menu->dialog = (char **) safe_calloc (1, menu->max * sizeof (char *));
diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c
--- a/mutt_ssl_gnutls.c
+++ b/mutt_ssl_gnutls.c
@@ -845,17 +845,17 @@
if (gnutls_x509_crt_import (cert, certdata, GNUTLS_X509_FMT_DER) < 0)
{
mutt_error (_("Error processing certificate data"));
mutt_sleep (2);
gnutls_x509_crt_deinit (cert);
return 0;
}
- menu = mutt_new_menu (-1);
+ menu = mutt_new_menu (MENU_GENERIC);
menu->max = 25;
menu->dialog = (char **) safe_calloc (1, menu->max * sizeof (char *));
for (i = 0; i < menu->max; i++)
menu->dialog[i] = (char *) safe_calloc (1, SHORT_STRING * sizeof (char));
row = 0;
strfcpy (menu->dialog[row], _("This certificate belongs to:"), SHORT_STRING);
row++;
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic