Alternate version of this patch to ensure the cast is safe.
# HG changeset patch
# User Michael Elkins <me@xxxxxxxx>
# Date 1281159058 25200
# Branch HEAD
# Node ID e1aa54051b30b4e733909608fd15aa269ab2c50a
# Parent 5b15d4d9627795c4ff95bf872049bd3be6078e6a
[mq]: mutt_ssl_sign_compare
diff -r 5b15d4d96277 -r e1aa54051b30 mutt_ssl.c
--- a/mutt_ssl.c Fri Aug 06 17:08:34 2010 -0700
+++ b/mutt_ssl.c Fri Aug 06 22:30:58 2010 -0700
@@ -760,7 +760,8 @@
subj_alt_name = sk_GENERAL_NAME_value(subj_alt_names, i);
if (subj_alt_name->type == GEN_DNS)
{
- if (mutt_strlen((char *)subj_alt_name->d.ia5->data) ==
subj_alt_name->d.ia5->length &&
+ if (subj_alt_name->d.ia5->length >= 0 &&
+ mutt_strlen((char *)subj_alt_name->d.ia5->data) ==
(size_t)subj_alt_name->d.ia5->length &&
(match_found = hostname_match(hostname_ascii,
(char
*)(subj_alt_name->d.ia5->data))))
{
@@ -780,9 +781,16 @@
goto out;
}
+ /* first get the space requirements */
bufsize = X509_NAME_get_text_by_NID(x509_subject, NID_commonName,
NULL, 0);
- bufsize++;
+ if (bufsize == -1)
+ {
+ if (err && errlen)
+ strfcpy (err, _("cannot get certificate common name"), errlen);
+ goto out;
+ }
+ bufsize++; /* space for the terminal nul char */
buf = safe_malloc((size_t)bufsize);
if (X509_NAME_get_text_by_NID(x509_subject, NID_commonName,
buf, bufsize) == -1)
@@ -791,7 +799,10 @@
strfcpy (err, _("cannot get certificate common name"), errlen);
goto out;
}
- if (mutt_strlen(buf) == bufsize - 1) {
+ /* cast is safe since bufsize is incremented above, so bufsize-1 is always
+ * zero or greater.
+ */
+ if (mutt_strlen(buf) == (size_t)bufsize - 1) {
match_found = hostname_match(hostname_ascii, buf);
}
}
Attachment:
pgpEHOk9LBp3z.pgp
Description: PGP signature