From 02ef88f77646e686f3a690141e8e4c5df338c964 Mon Sep 17 00:00:00 2001
From: Brendan Cully <brendan@kublai.com>
Date: Sun, 8 Jul 2012 17:25:12 -0700
Subject: [PATCH] gnutls:tls_compare_certificates: check strstr for failure
 (closes #3547)

A malformed certificate file could cause strstr to return an unhandled NULL.
Thanks to hhorak for the proposed patch. This one is similar but avoids using
memmem for the first time (I am not sure about its portability).
---
 mutt_ssl_gnutls.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c
index d670c4338..e2b0f0822 100644
--- a/mutt_ssl_gnutls.c
+++ b/mutt_ssl_gnutls.c
@@ -439,8 +439,16 @@ static int tls_compare_certificates (const gnutls_datum *peercert)
       return 0;
     }
 
-    ptr = (unsigned char *)strstr((char*)b64_data.data, CERT_SEP) + 1;
-    ptr = (unsigned char *)strstr((char*)ptr, CERT_SEP);
+    /* find start of cert, skipping junk */
+    ptr = (unsigned char *)strstr((char*)b64_data.data, CERT_SEP);
+    if (!ptr)
+    {
+      gnutls_free(cert.data);
+      FREE (&b64_data_data);
+      return 0;
+    }
+    /* find start of next cert */
+    ptr = (unsigned char *)strstr((char*)ptr + 1, CERT_SEP);
 
     b64_data.size = b64_data.size - (ptr - b64_data.data);
     b64_data.data = ptr;
-- 
2.50.0