Re: fix crash when SSL_CTX_new fails

From: Peter Bloomfield <PeterBloomfield bellsouth net>
To: balsa-list gnome org
Subject: Re: fix crash when SSL_CTX_new fails
Date: Sat, 05 Aug 2017 12:56:15 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Zhouyang!

On 08/05/2017 12:10:00 AM Sat, Zhouyang Jia wrote:

Hi,

I'm new to Balsa, I analyzed the source code and found a potential bug that
may cause crash.

In balsa-2.5.3/libbalsa/imap/imap-tls.c:174:26, if "SSL_CTX_new" failed to
initialize the SSL context, "SSL_CTX_set_options" would cause a crash since
"global_ssl_context" is null.

I think it's unsafe to assume that the library function would be correct.
It would be better if we could handle the error properly.

Attached please find the patch against version balsa-2.5.3. Hopefully, it
can solve this potential bug.

Best,
Zhouyang


Welcome to the list!

Thanks for the patch--failing to make a connection is certainly a better way to handle an SSL error than 
crashing!

We'll look forward to any other contributions you make to Balsa.

Best regards,

Peter
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQS030wPRfNNA5alz3MfX9S1uSp09QUCWYX4rwAKCRAfX9S1uSp0
9RRnAKCNix6y28xVr+DJO2MD1BalNj+U+wCeJKEjj2dARmhI5lQWFQGNYR4QQLs=
=0YQu
-----END PGP SIGNATURE-----

References:
- fix crash when SSL_CTX_new fails
  - From: Zhouyang Jia

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]