From f75c1008f28b4bbe7913a4f6d3a5fd881059c1f3 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Wed, 30 Sep 2015 11:25:28 +0800
Subject: [PATCH] Fix chomp in smime_handle_cert_email.

During a review of the previous patch, Oswald Buddenhagen noticed two
of the fixed oob reads had another problem: they were "chomping" (the
newline) without verifying there actually was a newline at the end of
the string.
---
 smime.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/smime.c b/smime.c
index 8edcc3dde..97e77e757 100644
--- a/smime.c
+++ b/smime.c
@@ -956,8 +956,8 @@ static int smime_handle_cert_email (char *certificate, char *mailbox,
   while ((fgets (email, sizeof (email), fpout)))
   {
     len = mutt_strlen (email);
-    if (len)
-      *(email + len - 1) = '\0';
+    if (len && (email[len - 1] == '\n'))
+      email[len - 1] = '\0';
     if(mutt_strncasecmp (email, mailbox, mutt_strlen (mailbox)) == 0)
       ret=1;
 
@@ -986,8 +986,8 @@ static int smime_handle_cert_email (char *certificate, char *mailbox,
     while ((fgets (email, sizeof (email), fpout)))
     {
       len = mutt_strlen (email);
-      if (len)
-        *(email + len - 1) = '\0';
+      if (len && (email[len - 1] == '\n'))
+        email[len - 1] = '\0';
       (*buffer)[count] = safe_calloc(1, mutt_strlen (email) + 1);
       strncpy((*buffer)[count], email, mutt_strlen (email));
       count++;
-- 
2.49.0