File msmtp-1.4.x_null_byte_in_cert_check.patch of Package msmtp

Index: src/msmtp.c
===================================================================
--- src/msmtp.c.orig	2008-06-03 02:02:26.000000000 +0200
+++ src/msmtp.c	2009-11-20 16:56:06.372093206 +0100
@@ -3058,6 +3058,7 @@ int msmtp_get_conffile_accounts(list_t *
     list_t *user_account_list;
     list_t *lps;
     list_t *lpu;
+    int securitycheck;
     int e;
 
 
@@ -3070,8 +3071,9 @@ int msmtp_get_conffile_accounts(list_t *
     system_confdir = get_sysconfdir();
     system_conffile = get_filename(system_confdir, SYSCONFFILE);
     free(system_confdir);
-    if ((e = get_conf(system_conffile, 0, &system_account_list, &errstr)) 
-	    != CONF_EOK)
+    securitycheck = 0;
+    if ((e = get_conf(system_conffile, securitycheck,
+                    &system_account_list, &errstr)) != CONF_EOK)
     {
 	if (e == CONF_ECANTOPEN)
 	{
@@ -3112,8 +3114,13 @@ int msmtp_get_conffile_accounts(list_t *
 	real_user_conffile = get_filename(homedir, USERCONFFILE);
 	free(homedir);
     }
-    if ((e = get_conf(real_user_conffile, 1, &user_account_list, &errstr)) 
-	    != CONF_EOK)
+#ifdef W32_NATIVE
+    securitycheck = 1;
+#else
+    securitycheck = (geteuid() != 0);
+#endif
+    if ((e = get_conf(real_user_conffile, securitycheck,
+                    &user_account_list, &errstr)) != CONF_EOK)
     {
 	if (e == CONF_ECANTOPEN)
 	{
Index: src/tls.c
===================================================================
--- src/tls.c.orig	2008-06-03 02:04:38.000000000 +0200
+++ src/tls.c	2009-11-20 16:56:06.372093206 +0100
@@ -3,7 +3,7 @@
  *
  * This file is part of msmtp, an SMTP client.
  *
- * Copyright (C) 2000, 2003, 2004, 2005, 2006, 2007, 2008
+ * Copyright (C) 2000, 2003, 2004, 2005, 2006, 2007, 2008, 2009
  * Martin Lambers <marlam@marlam.de>
  *
  *   This program is free software; you can redistribute it and/or modify
@@ -806,7 +806,7 @@ int tls_check_cert(tls_t *tls, const cha
     /* needed to get the common name: */
     X509_NAME *x509_subject;
     char *buf;
-    int bufsize;
+    int length;
     /* needed to get the DNS subjectAltNames: */
     STACK *subj_alt_names;
     int subj_alt_names_count;
@@ -868,6 +868,14 @@ int tls_check_cert(tls_t *tls, const cha
 	    subj_alt_name = sk_GENERAL_NAME_value(subj_alt_names, i);
 	    if (subj_alt_name->type == GEN_DNS) 
 	    {
+                if ((size_t)(subj_alt_name->d.ia5->length)
+                        != strlen((char *)(subj_alt_name->d.ia5->data)))
+                {
+                    *errstr = xasprintf(_("%s: certificate subject "
+                                "alternative name contains NUL"), error_msg);
+                    X509_free(x509cert);
+                    return TLS_ECERT;
+                }
 		if ((match_found = hostname_match(hostname_ascii, 
 				(char *)(subj_alt_name->d.ia5->data))))
 		{
@@ -886,12 +894,11 @@ int tls_check_cert(tls_t *tls, const cha
 	    X509_free(x509cert);
 	    return TLS_ECERT;
 	}
-	bufsize = X509_NAME_get_text_by_NID(x509_subject, NID_commonName, 
+	length = X509_NAME_get_text_by_NID(x509_subject, NID_commonName,
 		NULL, 0);
-	bufsize++;
-	buf = xmalloc((size_t)bufsize);
+	buf = xmalloc((size_t)length + 1);
 	if (X509_NAME_get_text_by_NID(x509_subject, NID_commonName, 
-		    buf, bufsize) == -1)
+		    buf, length + 1) == -1)
 	{
 	    *errstr = xasprintf(_("%s: cannot get certificate common name"),
 		    error_msg);
@@ -899,6 +906,14 @@ int tls_check_cert(tls_t *tls, const cha
 	    free(buf);
 	    return TLS_ECERT;
 	}
+        if ((size_t)length != strlen(buf))
+        {
+            *errstr = xasprintf(_("%s: certificate common name contains NUL"),
+                    error_msg);
+            X509_free(x509cert);
+            free(buf);
+            return TLS_ECERT;
+        }
 	match_found = hostname_match(hostname_ascii, buf);
 	free(buf);
     }