    1 From 91444b047466d8c9e331447bb257ff6498de47a4 Mon Sep 17 00:00:00 2001
    2 From: Jonas Witschel <git@diabonas.de>
    3 Date: Sat, 23 Oct 2021 14:31:17 +0200
    4 Subject: [PATCH] Fix use after free of a->mailbox due to missing strdup
    5 
    6 Commit 87ae932bcae3f229d681af9848015ba49049a581 ("Directly add full mailbox to
    7 GPG search hints") changed crypt_add_string_to_hints(a->mailbox, &hints) to
    8 mutt_list_insert_tail(&hints, a->mailbox). However, there is a behavioural
    9 difference between the two functions: crypt_add_string_to_hints() adds a copy
   10 of the string to the list, while mutt_list_insert_tail() does not. This leads
   11 to a crash because the original a->mailbox is freed prematurely as part of the
   12 hints list. Fix this by adding a copy of the original to the list instead.
   13 
   14 Note that commit 87ae932bcae3f229d681af9848015ba49049a581 originally came from
   15 Mutt. Upstream is not affected by this however because their mutt_add_list()
   16 function always copies the data.
   17 ---
   18  ncrypt/crypt_gpgme.c | 2 +-
   19  ncrypt/pgpkey.c      | 2 +-
   20  2 files changed, 2 insertions(+), 2 deletions(-)
   21 
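--- a/ncrypt/crypt_gpgme.c
+++ b/ncrypt/crypt_gpgme.c
@@ -3581,7 +3581,7 @@ static struct CryptKeyInfo *crypt_getkeybyaddr(struct Address *a,
   *forced_valid = 0;
 
   if (a && a->mailbox)
-    mutt_list_insert_tail(&hints, a->mailbox);
+    mutt_list_insert_tail(&hints, mutt_str_dup(a->mailbox));
   if (a && a->personal)
     crypt_add_string_to_hints(a->personal, &hints);
 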
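Review bot: The ownership rule behind this use-after-free is still not written down at the call site. Per the commit message, `mutt_list_insert_tail()` stores the pointer it is given and the hints list later frees its entries; the freeing code is outside the hunk. A one-line comment above the new call, e.g. `/* hints owns and frees its entries, so insert a copy */`, would stop a later cleanup from dropping the dup again, and the same comment fits the identical change in ncrypt/pgpkey.c. It is also worth confirming what `mutt_str_dup()` returns for an empty `a->mailbox`: if that is NULL, a NULL entry lands in `hints` and every consumer of the list has to tolerate it. The body of crypt_getkeybyaddr starts and ends outside the hunk.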
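--- a/ncrypt/pgpkey.c
+++ b/ncrypt/pgpkey.c
@@ -369,7 +369,7 @@ struct PgpKeyInfo *pgp_getkeybyaddr(struct Address *a, KeyFlags abilities,
   struct PgpUid *q = NULL;
 
   if (a->mailbox)
-    mutt_list_insert_tail(&hints, a->mailbox);
+    mutt_list_insert_tail(&hints, mutt_str_dup(a->mailbox));
   if (a->personal)
     pgp_add_string_to_hints(a->personal, &hints);
 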
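Review bot: `a` is dereferenced without a NULL check in `if (a->mailbox)` and `if (a->personal)`, while the parallel code in crypt_getkeybyaddr guards both with `a &&`. The callers are not visible here, so this may be safe by contract, but if pgp_getkeybyaddr can be reached with a NULL address the two conditions should read `if (a && a->mailbox)` and `if (a && a->personal)`. Otherwise a short comment stating that `a` must be non-NULL would make the difference between the two backends deliberate. The function body starts and ends outside the hunk.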
