#3831: Crash Bug due to unchecked SSL_CTX_new
----------------------+----------------------
Reporter: yujokang | Owner: mutt-dev
Type: defect | Status: new
Priority: major | Milestone:
Component: crypto | Version: 1.6.0
Keywords: |
----------------------+----------------------
Dear Mutt developers,

We are security researchers at Columbia University and the University of
Virginia. As part of a research project, we have built a tool for
automatically finding error handling bugs and are testing it on various
cryptographic libraries and applications that use them.

We discovered that SSL_CTX_new is not checked for failure, which could
lead to crashes due to segmentation faults when the NULL pointer is passed
into SSL_CTX_set_options.

Please let us know how you intend to address the following issue:

mutt_ssl.c, line 337:
{{{#!c
static int ssl_socket_open (CONNECTION * conn)
{
  ...
  data->ctx = SSL_CTX_new (SSLv23_client_method ());
  /* disable SSL protocols as needed */
  if (!option(OPTTLSV1))
  {
    SSL_CTX_set_options(data->ctx, SSL_OP_NO_TLSv1);
  }
  ...
}
}}}
Thank you,
Yuan Kang
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3831>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
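
The check the ticket asks for, as an added example that is not part of the ticket or of Mutt's code: the context constructor's result is tested before any option is set, and a fault-injection switch forces the failure path so it can be exercised. All `demo_` names and the flag value are assumptions standing in for `SSL_CTX_new`, `SSL_CTX_set_options` and `SSL_OP_NO_TLSv1`, so the block builds without OpenSSL.

```c
#include <stdio.h>
#include <stdlib.h>
/* demo_* names are stand-ins (assumptions) so the failure path runs without
 * OpenSSL; in mutt_ssl.c they are SSL_CTX_new and SSL_CTX_set_options. */
typedef struct { unsigned long options; } demo_ctx;
typedef struct { demo_ctx *ctx; } demo_sockdata;
#define DEMO_OP_NO_TLSv1 0x04000000UL /* constructed flag value */
static int demo_fail_alloc; /* fault-injection switch: 1 = constructor fails */

static demo_ctx *demo_ctx_new (void)
{
  return demo_fail_alloc ? NULL : calloc (1, sizeof (demo_ctx));
}

/* Dereferences ctx without a check, so a NULL ctx would crash here. */
static void demo_ctx_set_options (demo_ctx *ctx, unsigned long op)
{
  ctx->options |= op;
}

/* Hardened open: returns 0 on success, -1 if no context could be created. */
static int demo_socket_open (demo_sockdata *data, int allow_tlsv1)
{
  data->ctx = demo_ctx_new ();
  if (!data->ctx)
  {
    fprintf (stderr, "unable to create SSL context\n");
    return -1; /* caller aborts the connection instead of crashing */
  }
  if (!allow_tlsv1)
    demo_ctx_set_options (data->ctx, DEMO_OP_NO_TLSv1);
  return 0;
}

/* Runs one open attempt; on success stores the resulting options in *opts. */
int demo_run (int inject_failure, int allow_tlsv1, unsigned long *opts)
{
  demo_sockdata data = { NULL };
  demo_fail_alloc = inject_failure;
  int rc = demo_socket_open (&data, allow_tlsv1);
  if (rc == 0) { *opts = data.ctx->options; free (data.ctx); }
  return rc;
}

int main (void)
{
  unsigned long opts = 0;
  return demo_run (1, 0, &opts) == -1 ? 0 : 1; /* injected failure is handled */
}
```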