From c4abbd2d009bdd925e72ac23b77a9df6b8e43a92 Mon Sep 17 00:00:00 2001
From: Brendan Cully <brendan@kublai.com>
Date: Sun, 8 Jul 2012 17:25:12 -0700
Subject: [PATCH] gnutls:tls_compare_certificates: check strstr for failure
 (closes #3547)

A malformed certificate file could cause strstr to return an unhandled NULL.
Thanks to hhorak for the proposed patch. This one is similar but avoids using
memmem for the first time (I am not sure about its portability).
---
 mutt_ssl_gnutls.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c
index d670c433..e2b0f082 100644
--- a/mutt_ssl_gnutls.c
+++ b/mutt_ssl_gnutls.c
@@ -439,8 +439,16 @@ static int tls_compare_certificates (const gnutls_datum *peercert)
       return 0;
     }
 
-    ptr = (unsigned char *)strstr((char*)b64_data.data, CERT_SEP) + 1;
-    ptr = (unsigned char *)strstr((char*)ptr, CERT_SEP);
+    /* find start of cert, skipping junk */
+    ptr = (unsigned char *)strstr((char*)b64_data.data, CERT_SEP);
+    if (!ptr)
+    {
+      gnutls_free(cert.data);
+      FREE (&b64_data_data);
+      return 0;
+    }
+    /* find start of next cert */
+    ptr = (unsigned char *)strstr((char*)ptr + 1, CERT_SEP);
 
     b64_data.size = b64_data.size - (ptr - b64_data.data);
     b64_data.data = ptr;
-- 
2.49.0