From d7db335df7367b96b094e8b886c161f4de11f525 Mon Sep 17 00:00:00 2001
From: Matthias Andree
Date: Mon, 17 Aug 2009 17:16:35 +0000
Subject: Fix free() of unallocated memory on intact/non-verbose SSL-connections. Problem was improper scoping of xfree(tt). Patch courtesy of Thomas Heinz. Fixes Gentoo bug #280760. svn path=/branches/BRANCH_6-3/; revision=5415
---
 NEWS | 9 +++++++++
 socket.c | 5 +++--
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 8b3c074a..abf07101 100644
--- a/NEWS
+++ b/NEWS
@@ -51,6 +51,15 @@ removed from a 6.4.0 or newer release.)
 fetchmail 6.3.12 (released XXXX-XX-XX - not yet):
+# REGRESSION FIXES
+* The CVS-2009-2666 fix in fetchmail release 6.3.11 caused a free() of
+ unallocated memory on SSL connections, which caused crashes or program aborts
+ on some systems (depending on how initialization and free() of unallocated
+ memory is handled in compiler and libc).
+ Patch courtesy of Thomas Heinz, fixes Gentoo Bug #280760.
+ This regression affected only the 6.3.11 release, but not the patch that was
+ part of the security announcement fetchmail-SA-2009-01.
+
 # TRANSLATION UPDATES AND ADDITIONS (ordered by language name):
 * [ca] Catalan (Ernest Adrogué Calveras)
 * [cs] Czech (Petr Pisar)
diff --git a/socket.c b/socket.c
index 21924260..c245b3d4 100644
--- a/socket.c
+++ b/socket.c
@@ -628,9 +628,10 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
 report(stdout, GT_("Unknown Issuer CommonName\n"));
 }
 if ((i = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, sizeof(buf))) != -1) {
- if (outlevel >= O_VERBOSE)
+ if (outlevel >= O_VERBOSE) {
 report(stdout, GT_("Server CommonName: %s\n"), (tt = sdump(buf, i)));
- xfree(tt);
+ xfree(tt);
+ }
 if ((size_t)i >= sizeof(buf) - 1) {
 /* Possible truncation. In this case, this is a DNS name, so this
 * is really bad. We do not tolerate this even in the non-strict case. */
--
cgit v1.2.3
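Review bot: The buffer that `xfree(tt)` releases is still allocated inside the argument list of `report()`, as `(tt = sdump(buf, i))`, so the allocate/free pairing that this regression broke remains easy to overlook on the new side. Inside the now-braced verbose block I would put `tt = sdump(buf, i);` on its own line, followed by `report(stdout, GT_("Server CommonName: %s\n"), tt);` and `xfree(tt);`. The declaration of `tt` is outside the hunk; if it has no initialiser, giving it `= NULL` would turn any future misplaced free into a no-op instead of a free of an indeterminate pointer in the certificate-verification path, assuming `xfree` accepts NULL. The Issuer CommonName branch just above the hunk may use the same pattern and is worth checking for the same scoping; SSL_verify_callback starts and ends outside the hunk.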