fix uninitialized variable read

this is basically a security fix for nonsensical configurations:
if the specified CertificateFile did not contain any certificates,
we *might* have accepted an arbitrary server certificate.
This commit is contained in:
Oswald Buddenhagen 2010-04-05 13:06:58 +02:00
parent 516c3bfa99
commit db2bbbfef8

View File

@ -255,6 +255,7 @@ verify_cert( imap_store_t *ctx )
srvc->cert_file, strerror( errno ) ); srvc->cert_file, strerror( errno ) );
return 0; return 0;
} }
err = -1;
for (lcert = 0; READ_X509_KEY( fp, &lcert ); ) for (lcert = 0; READ_X509_KEY( fp, &lcert ); )
if (!(err = compare_certificates( lcert, cert, md, n ))) if (!(err = compare_certificates( lcert, cert, md, n )))
break; break;