commit 08d3b2ab69a402a31804fa4c360b70f5905cd97b
Author: Oswald Buddenhagen <o...@kde.org>
Date:   Mon Apr 5 13:06:58 2010 +0200

    fix uninitialized variable read
    
    this is basically a security fix for nonsensical configurations:
    if the specified CertificateFile did not contain any certificates,
    we *might* have accepted an arbitrary server certificate.

 src/drv_imap.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/src/drv_imap.c b/src/drv_imap.c
index 1090862..a71c1a3 100644
--- a/src/drv_imap.c
+++ b/src/drv_imap.c
@@ -255,6 +255,7 @@ verify_cert( imap_store_t *ctx )
                               srvc->cert_file, strerror( errno ) );
                        return 0;
                }
+               err = -1;
                for (lcert = 0; READ_X509_KEY( fp, &lcert ); )
                        if (!(err = compare_certificates( lcert, cert, md, n )))
                                break;
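Review bot: The added `err = -1;` before the certificate loop is a fail-closed default, but nothing on the line says so, and it is the only thing that stops a CertificateFile with no certificates from being treated as a match. A comment on that line, such as `/* fail closed: a file with no certificates must never count as a match */`, would keep a later cleanup from removing it as a redundant store. The code that consumes `err` after the loop is outside this hunk, so it is worth confirming there that every non-zero value is handled as a mismatch. It may also help to give the user a distinct diagnostic when the file yielded no certificates, so the misconfiguration is visible rather than reported as an ordinary mismatch. verify_cert starts and ends outside the hunk.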
