413151 – mail-client/mutt-1.5.21-r1 NULL pointer dereference while checking PGP signature notation

Bug 413151 - mail-client/mutt-1.5.21-r1 NULL pointer dereference while checking PGP signature notation

Summary: mail-client/mutt-1.5.21-r1 NULL pointer dereference while checking PGP signat...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Fabian Groffen

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-04-22 21:00 UTC by Petr Pisar
Modified:	2012-04-28 15:05 UTC (History)
CC List:	1 user (show)

See Also:	http://dev.mutt.org/trac/ticket/3574
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Petr Pisar 2012-04-22 21:00:23 UTC

There is an upstream report that while verifying PGP signature using crypt_use_gpgme=true, one can get segfault if the signature specify policy URL. In that case gpgme returns NULL signature notation name and mutt passes the NULL to strcmp() which leads to segfault. See <http://dev.mutt.org/trac/ticket/3574> for more details, especially for a reproducer and a proposed fix.

Comment 1 Fabian Groffen gentoo-dev

2012-04-24 16:50:00 UTC

The upstream ticket is on the radar, I'm waiting a little time for the maintainers to hopefully push your patch so it's an easy one to bring over to the gentoo-1.5.21 branch.

Comment 2 Fabian Groffen gentoo-dev

2012-04-28 15:05:33 UTC

Got tired of waiting, applied it in the meantime in 1.5.21-r9, thanks!