[Commits] [SCM] claws branch, master, updated. 3.15.0-35-geb0e68e

ticho at claws-mail.org ticho at claws-mail.org
Sat Apr 22 10:35:14 CEST 2017 

The branch, master has been updated
       via  eb0e68e67ab59adbe44435d3ccd55ae0ce47c14d (commit)
      from  ab847472955f979cb63bf0a9b576383e51ef5094 (commit)

Summary of changes:
 src/ssl_manager.c |   30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)


- Log -----------------------------------------------------------------
commit eb0e68e67ab59adbe44435d3ccd55ae0ce47c14d
Author: Andrej Kacian <ticho at claws-mail.org>
Date:   Sat Apr 22 10:34:30 2017 +0200

    Fix get_serverport() in ssl_manager.c to better handle bad filenames.

diff --git a/src/ssl_manager.c b/src/ssl_manager.c
index 623d2f9..270f1d7 100644
--- a/src/ssl_manager.c
+++ b/src/ssl_manager.c
@@ -219,12 +219,20 @@ static gboolean get_serverport(const gchar *str, gchar **server, gchar **port)
 
 	g_return_val_if_fail(str != NULL, FALSE);
 
-	for (prevpos = str, pos = strstr(str, ".") + 1;
+	/* We expect 'host.name.port.cert' here, only set
+	 * server and port if we find that.
+	 * Validity of string in port should be checked by caller. */
+	for (prevpos = str, pos = strstr(str, ".");
 			pos != NULL;
-			prevpos = pos, pos = strstr(pos, ".") + 1) {
-		if (!strcmp(pos, "cert") || !strcmp(pos, "cert.chain")) {
-			*server = strndup(str, prevpos - str - 1);
-			*port = strndup(prevpos, pos - prevpos - 1);
+			prevpos = pos, pos = strstr(pos+1, ".")) {
+		if (!strcmp(pos, ".cert")) {
+			if (prevpos > str) {
+				*server = strndup(str, prevpos - str);
+				*port = strndup(prevpos+1, pos - prevpos - 1);
+			} else {
+				*server = *port = NULL;
+			}
+
 			return TRUE;
 		}
 	}
@@ -317,11 +325,15 @@ static void ssl_manager_load_certs (void)
 
 		get_serverport(d, &server, &port);
 		fp = get_fingerprint(d);
-		
-		cert = ssl_certificate_find(server, atoi(port), fp);
 
-		ssl_manager_list_view_insert_cert(manager.certlist, NULL, 
-						  server, port, cert);
+		if (server != NULL && port != NULL) {
+			gint portnum = atoi(port);
+			if (portnum > 0 && portnum <= 65535) {
+				cert = ssl_certificate_find(server, portnum, fp);
+				ssl_manager_list_view_insert_cert(manager.certlist, NULL,
+						server, port, cert);
+			}
+		}
 		
 		g_free(server);
 		g_free(port);

-----------------------------------------------------------------------


hooks/post-receive
-- 
Claws Mail

More information about the Commits mailing list