lobo/isync
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix uninitialized variable read

Browse Source 
this is basically a security fix for nonsensical configurations:
if the specified CertificateFile did not contain any certificates,
we *might* have accepted an arbitrary server certificate.
This commit is contained in:
Oswald Buddenhagen 2010-04-05 13:06:58 +02:00
parent 516c3bfa99
commit db2bbbfef8
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/drv_imap.c
View File

@ -255,6 +255,7 @@ verify_cert( imap_store_t *ctx )
srvc->cert_file, strerror( errno ) );
return 0;
}
err = -1;
for (lcert = 0; READ_X509_KEY( fp, &lcert ); )
if (!(err = compare_certificates( lcert, cert, md, n )))
break;