Alternate version of this patch to ensure the cast is safe.
# HG changeset patch # User Michael Elkins <[email protected]> # Date 1281159058 25200 # Branch HEAD # Node ID e1aa54051b30b4e733909608fd15aa269ab2c50a # Parent 5b15d4d9627795c4ff95bf872049bd3be6078e6a [mq]: mutt_ssl_sign_compare diff -r 5b15d4d96277 -r e1aa54051b30 mutt_ssl.c --- a/mutt_ssl.c Fri Aug 06 17:08:34 2010 -0700 +++ b/mutt_ssl.c Fri Aug 06 22:30:58 2010 -0700 @@ -760,7 +760,8 @@ subj_alt_name = sk_GENERAL_NAME_value(subj_alt_names, i); if (subj_alt_name->type == GEN_DNS) { - if (mutt_strlen((char *)subj_alt_name->d.ia5->data) == subj_alt_name->d.ia5->length && + if (subj_alt_name->d.ia5->length >= 0 && + mutt_strlen((char *)subj_alt_name->d.ia5->data) == (size_t)subj_alt_name->d.ia5->length && (match_found = hostname_match(hostname_ascii, (char *)(subj_alt_name->d.ia5->data)))) { @@ -780,9 +781,16 @@ goto out; }+ /* first get the space requirements */
bufsize = X509_NAME_get_text_by_NID(x509_subject, NID_commonName,
NULL, 0);
- bufsize++;
+ if (bufsize == -1)
+ {
+ if (err && errlen)
+ strfcpy (err, _("cannot get certificate common name"), errlen);
+ goto out;
+ }
+ bufsize++; /* space for the terminal nul char */
buf = safe_malloc((size_t)bufsize);
if (X509_NAME_get_text_by_NID(x509_subject, NID_commonName,
buf, bufsize) == -1)
@@ -791,7 +799,10 @@
strfcpy (err, _("cannot get certificate common name"), errlen);
goto out;
}
- if (mutt_strlen(buf) == bufsize - 1) {
+ /* cast is safe since bufsize is incremented above, so bufsize-1 is always
+ * zero or greater.
+ */
+ if (mutt_strlen(buf) == (size_t)bufsize - 1) {
match_found = hostname_match(hostname_ascii, buf);
}
}
pgpOsadG6FqU5.pgp
Description: PGP signature
