mutt/2104: Core dump reading pgp-signed messages without pgp
>Number: 2104
>Notify-List:
>Category: mutt
>Synopsis: Core dump reading pgp-signed messages without pgp
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: mutt-dev
>State: open
>Keywords:
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Oct 05 18:28:14 +0200 2005
>Originator: Gary Mills
>Release: 1.5.10i
>Organization:
University of Manitoba
>Environment:
Solaris 8 to Solaris 10 SPARC
Native curses
>Description:
With all PGP variables set to defaults in Muttrc, reading a
PGP-signed message causes a core dump. Mutt gets a SIGSEGV
while calling rewind() on a NULL stream. Here's a stack trace
from mdb:
> ::stack
libc.so.1`rewind+4(0, ffbfd744, ffbfbcb0, ffffffff, 9, ffffffff)
pgp_application_pgp_handler+0x898(14ec68, ffbfd744, 8, 0, 0, 0)
crypt_mod_pgp_application_handler+0x18(14ec68, ffbfd744, 0, ff3a2000, ff1e8328, 4)
crypt_pgp_application_pgp_handler+0x60(14ec68, ffbfd744, 8b4, 11a894, 14dd28, 0)
mutt_body_handler+0x824(14ec68, ffbfd744, ffffffff, fffffff8, ffffffe0, ffbfd75d)
_mutt_copy_message+0x5a4(13e7a0, 13e7b0, 14ecf0, 14ec68, 84c, 96)
mutt_copy_message+0x80(13e7a0, 14fa90, 14ecf0, 84c, 96, a)
mutt_display_message+0x4fc(14ecf0, ffbfdf70, 0, 5, 3, 6)
mutt_index_menu+0x2e74(14fa90, 0, 0, 14fa27, 0, 80808080)
main+0x14b0(1, ffbfeb34, ffbfeb3c, 12e800, ff3a0100, ff3a0140)
_start+0x108(0, 0, 0, 0, 0, 0)
The attached diff file eliminates the core dump. It now
displays:
[-- Error: unable to create PGP subprocess! --]
>How-To-Repeat:
Read a PGP-signed message with no PGP settings.
>Fix:
See attached diff. Also needs a configuration change to
avoid the error in the first place.
>Add-To-Audit-Trail:
>Unformatted:
----gnatsweb-attachment----
Content-Type: application/octet-stream; name="pgp.c.diff"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="pgp.c.diff"
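The failure mode in the report, shown as an added C example (not mutt's code and not the attached diff): a subprocess launcher that hands back a NULL stream when no PGP command is configured, the crashing handler that calls rewind() on it unchecked, and a checked handler that reports the same error text the fixed mutt prints. The names spawn_pgp, handle_signed_unchecked, handle_signed_checked and verify_with_defaults are hypothetical stand-ins for the mutt internals in the stack trace.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Error text the fixed mutt displays (quoted from the report). */
#define PGP_SUBPROCESS_ERR "[-- Error: unable to create PGP subprocess! --]"

/* Hypothetical stand-in for mutt's subprocess launcher: returns the child's
 * stdout as a FILE*, or NULL when no PGP command is configured or spawn fails. */
static FILE *spawn_pgp(const char *pgp_cmd)
{
    if (pgp_cmd == NULL || pgp_cmd[0] == '\0')
        return NULL;                 /* default (empty) PGP settings: nothing to run */
    return popen(pgp_cmd, "r");      /* also NULL if the fork/exec itself fails */
}

/* Before: mirrors the crashing path, rewind() on a possibly NULL stream. */
int handle_signed_unchecked(FILE *pgpout)
{
    rewind(pgpout);                  /* SIGSEGV inside libc when pgpout == NULL */
    return 0;
}

/* After: check the stream first and surface the error to the user. */
static int handle_signed_checked(FILE *pgpout, char *msg, size_t msglen)
{
    if (pgpout == NULL) {
        snprintf(msg, msglen, "%s", PGP_SUBPROCESS_ERR);
        return -1;
    }
    rewind(pgpout);
    /* ... verifier output would be consumed here ... */
    pclose(pgpout);
    msg[0] = '\0';
    return 0;
}

/* Drive the checked path with an empty PGP command (constructed: the report's
 * default configuration, where no PGP variables are set). */
int verify_with_defaults(char *msg, size_t msglen)
{
    FILE *out = spawn_pgp("");
    return handle_signed_checked(out, msg, msglen);
}

int main(void)
{
    char msg[128];
    if (verify_with_defaults(msg, sizeof msg) != 0)
        puts(msg);                   /* prints the error instead of dumping core */
    return 0;
}
```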