fix crash when SSL_CTX_new fails

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

fix crash when SSL_CTX_new fails

Zhouyang Jia
Hi,

I'm new to Balsa, I analyzed the source code and found a potential bug that may cause crash.

In balsa-2.5.3/libbalsa/imap/imap-tls.c:174:26, if "SSL_CTX_new" failed to initialize the SSL context, "SSL_CTX_set_options" would cause a crash since "global_ssl_context" is null.

I think it's unsafe to assume that the library function would be correct. It would be better if we could handle the error properly.

Attached please find the patch against version balsa-2.5.3. Hopefully, it can solve this potential bug.

Best,
Zhouyang

_______________________________________________
balsa-list mailing list
[hidden email]
https://mail.gnome.org/mailman/listinfo/balsa-list

balsa-2.5.3.patch (894 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: fix crash when SSL_CTX_new fails

Peter Bloomfield
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Zhouyang!

On 08/05/2017 12:10:00 AM Sat, Zhouyang Jia wrote:

> Hi,
>
> I'm new to Balsa, I analyzed the source code and found a potential bug that
> may cause crash.
>
> In balsa-2.5.3/libbalsa/imap/imap-tls.c:174:26, if "SSL_CTX_new" failed to
> initialize the SSL context, "SSL_CTX_set_options" would cause a crash since
> "global_ssl_context" is null.
>
> I think it's unsafe to assume that the library function would be correct.
> It would be better if we could handle the error properly.
>
> Attached please find the patch against version balsa-2.5.3. Hopefully, it
> can solve this potential bug.
>
> Best,
> Zhouyang

Welcome to the list!

Thanks for the patch--failing to make a connection is certainly a better way to handle an SSL error than crashing!

We'll look forward to any other contributions you make to Balsa.

Best regards,

Peter
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQS030wPRfNNA5alz3MfX9S1uSp09QUCWYX4rwAKCRAfX9S1uSp0
9RRnAKCNix6y28xVr+DJO2MD1BalNj+U+wCeJKEjj2dARmhI5lQWFQGNYR4QQLs=
=0YQu
-----END PGP SIGNATURE-----
_______________________________________________
balsa-list mailing list
[hidden email]
https://mail.gnome.org/mailman/listinfo/balsa-list
Loading...