From: Brendan Cully <brendan@kublai.com>
Date: Mon, 9 Jul 2012 00:25:12 +0000 (-0700)
Subject: gnutls:tls_compare_certificates: check strstr for failure (closes #3547)
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=02ef88f77646e686f3a690141e8e4c5df338c964;p=neomutt

gnutls:tls_compare_certificates: check strstr for failure (closes #3547)

A malformed certificate file could cause strstr to return an unhandled NULL.
Thanks to hhorak for the proposed patch. This one is similar but avoids using
memmem for the first time (I am not sure about its portability).
---

diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c
index d670c4338..e2b0f0822 100644
--- a/mutt_ssl_gnutls.c
+++ b/mutt_ssl_gnutls.c
@@ -439,8 +439,16 @@ static int tls_compare_certificates (const gnutls_datum *peercert)
       return 0;
     }
 
-    ptr = (unsigned char *)strstr((char*)b64_data.data, CERT_SEP) + 1;
-    ptr = (unsigned char *)strstr((char*)ptr, CERT_SEP);
+    /* find start of cert, skipping junk */
+    ptr = (unsigned char *)strstr((char*)b64_data.data, CERT_SEP);
+    if (!ptr)
+    {
+      gnutls_free(cert.data);
+      FREE (&b64_data_data);
+      return 0;
+    }
+    /* find start of next cert */
+    ptr = (unsigned char *)strstr((char*)ptr + 1, CERT_SEP);
 
     b64_data.size = b64_data.size - (ptr - b64_data.data);
     b64_data.data = ptr;