Fix chomp in smime_handle_cert_email.

During a review of the previous patch, Oswald Buddenhagen noticed two
of the fixed oob reads had another problem: they were "chomping" (the
newline) without verifying there actually was a newline at the end of
the string.

diff --git a/smime.c b/smime.c
index 8edcc3dde4748313583436b1dc7f2b73cce07030..97e77e757bbeddeb4e84dfb109817e005dc88aaf 100644 (file)
--- a/smime.c
+++ b/smime.c
@@ -956,8 +956,8 @@ static int smime_handle_cert_email (char *certificate, char *mailbox,
   while ((fgets (email, sizeof (email), fpout)))
   {
     len = mutt_strlen (email);
-    if (len)
-      *(email + len - 1) = '\0';
+    if (len && (email[len - 1] == '\n'))
+      email[len - 1] = '\0';
     if(mutt_strncasecmp (email, mailbox, mutt_strlen (mailbox)) == 0)
       ret=1;
 
@@ -986,8 +986,8 @@ static int smime_handle_cert_email (char *certificate, char *mailbox,
     while ((fgets (email, sizeof (email), fpout)))
     {
       len = mutt_strlen (email);
-      if (len)
-        *(email + len - 1) = '\0';
+      if (len && (email[len - 1] == '\n'))
+        email[len - 1] = '\0';
       (*buffer)[count] = safe_calloc(1, mutt_strlen (email) + 1);
       strncpy((*buffer)[count], email, mutt_strlen (email));
       count++;