File bnc-475108-VUL-smime-validation-flaw.patch of Package evolution-data-server
Index: camel/camel-smime-context.c
===================================================================
--- camel/camel-smime-context.c (revision 10050)
+++ camel/camel-smime-context.c (working copy)
@@ -40,6 +40,7 @@
#include <smime.h>
#include <pkcs11t.h>
#include <pk11func.h>
+#include <secoid.h>
#include <errno.h>
@@ -545,6 +546,9 @@ sm_verify_cmsg(CamelCipherContext *conte
/* need to build digests of the content */
if (!NSS_CMSSignedData_HasDigests(sigd)) {
+ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot set message digests"));
+ goto fail;
+ } else {
if (extstream == NULL) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Digests missing from enveloped data"));
goto fail;
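Review bot: The inverted test at `if (!NSS_CMSSignedData_HasDigests(sigd))` carries no explanation of why signed data without digests is now rejected outright while data that already has digests gets them recomputed from `extstream`. The existing comment `/* need to build digests of the content */` now sits directly above the rejecting branch. If the intent is that verification must never depend on digest values shipped inside the message, say so on the `else` branch, e.g. `/* always recompute digests from extstream; do not trust digest values already present in sigd */`. The hunk does not show whether a detached signature can legitimately arrive here without digests, so confirm that case before merging. The rejecting branch also reuses `_("Cannot set message digests")`, the same string as the failures in the later hunk, so a dedicated message such as `_("Signed data carries no digests")` would keep the cases distinguishable. sm_verify_cmsg starts and ends outside this hunk.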
@@ -572,12 +576,27 @@ sm_verify_cmsg(CamelCipherContext *conte
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot calculate digests"));
goto fail;
}
-
+#if 0
if (NSS_CMSSignedData_SetDigests(sigd, digestalgs, digests) != SECSuccess) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot set message digests"));
goto fail;
}
-
+#else
+ {
+ int which_digest;
+ for (which_digest = 0; digests[which_digest] != NULL; which_digest++) {
+ SECOidData *digest_alg = SECOID_FindOID(&digestalgs[which_digest]->algorithm);
+ if (digest_alg == NULL) {
+ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot set message digests"));
+ goto fail;
+ }
+ if (NSS_CMSSignedData_SetDigestValue(sigd, digest_alg->offset, digests[which_digest]) != SECSuccess) {
+ camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM, _("Cannot set message digests"));
+ goto fail;
+ }
+ }
+ }
+#endif
PORT_FreeArena(poolp, PR_FALSE);
poolp = NULL;
}
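Review bot: The new loop stops only on the NULL terminator of `digests`, yet it dereferences `digestalgs[which_digest]->algorithm` with no check that `digestalgs` has an entry at that index. The call that fills `digests` is outside the hunk, so the assumption that both arrays are parallel and equally long cannot be confirmed here. Since `digestalgs` is taken from the message being verified, a guard is cheap: `SECOidData *digest_alg = digestalgs[which_digest] ? SECOID_FindOID(&digestalgs[which_digest]->algorithm) : NULL;` lets the existing `digest_alg == NULL` branch fail closed. The `#if 0` block keeps the replaced `NSS_CMSSignedData_SetDigests` call as dead code; delete it and drop the `#else`/`#endif` and the extra brace scope, so the file holds only the path that actually runs. The enclosing block of sm_verify_cmsg begins before this hunk.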