On 08/05/2017 12:10:00 AM Sat, Zhouyang Jia wrote:
> I'm new to Balsa, I analyzed the source code and found a potential bug that
> may cause crash.
> In balsa-2.5.3/libbalsa/imap/imap-tls.c:174:26, if "SSL_CTX_new" failed to
> initialize the SSL context, "SSL_CTX_set_options" would cause a crash since
> "global_ssl_context" is null.
> I think it's unsafe to assume that the library function would be correct.
> It would be better if we could handle the error properly.
> Attached please find the patch against version balsa-2.5.3. Hopefully, it
> can solve this potential bug.
Welcome to the list!
Thanks for the patch--failing to make a connection is certainly a better way to handle an SSL error than crashing!
We'll look forward to any other contributions you make to Balsa.