Fixed hostname verification of x.509 certificates.

(rhbz#688756, CVE-2011-1429)
2011-04-15 14:28:59 +02:00 · 2011-04-15 14:28:59 +02:00 · a5d2d9c94b
commit a5d2d9c94b
parent 8056a91e0a
2 changed files with 37 additions and 1 deletions
--- a/mutt-1.5.21-testcert.patch
+++ b/mutt-1.5.21-testcert.patch
@ -0,0 +1,30 @@
 diff -up mutt-1.5.21/mutt_ssl_gnutls.c.old mutt-1.5.21/mutt_ssl_gnutls.c
 --- mutt-1.5.21/mutt_ssl_gnutls.c.old	2011-03-23 11:46:28.760386765 +0100
 +++ mutt-1.5.21/mutt_ssl_gnutls.c	2011-03-23 14:34:45.839456449 +0100
@@ -978,6 +978,7 @@ static int tls_check_certificate (CONNEC
   unsigned int cert_list_size = 0;
   gnutls_certificate_status certstat;
   int certerr, i, preauthrc, savedcert, rc = 0;
 +  int rcpeer;
   if (gnutls_auth_get_type (state) != GNUTLS_CRD_CERTIFICATE)
   {
@@ -1003,6 +1004,9 @@ static int tls_check_certificate (CONNEC
   for (i = 0; i < cert_list_size; i++) {
     rc = tls_check_preauth(&cert_list[i], certstat, conn->account.host, i,
                            &certerr, &savedcert);
 +    if (i == 0)
 +      rcpeer = rc;
 +
     preauthrc += rc;
     if (savedcert)
@@ -1028,7 +1032,7 @@ static int tls_check_certificate (CONNEC
         dprint (1, (debugfile, "error trusting certificate %d: %d\n", i, rc));
       certstat = tls_verify_peers (state);
 -      if (!certstat)
 +      if (!certstat && !rcpeer)
         return 1;
     }
   }
--- a/mutt.spec
+++ b/mutt.spec
@ -16,7 +16,7 @@
 Summary: A text mode mail user agent
 Name: mutt
 Version: 1.5.21
-Release: 4%{?dist}
+Release: 5%{?dist}
 Epoch: 5
 # The entire source code is GPLv2+ except
 # pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain
@ -29,6 +29,7 @@ Patch3: mutt-1.5.18-muttrc.patch
 Patch4: mutt-1.5.18-manual.patch
 Patch5: mutt-1.5.21-updating.patch
 Patch6: mutt-1.5.21-hdrcnt.patch
 Patch7: mutt-1.5.21-testcert.patch
 Url: http://www.mutt.org/
 Requires: mailcap urlview
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -70,6 +71,7 @@ for selecting groups of messages.
 %patch4 -p1 -b .manual
 %patch5 -p1 -b .updating
 %patch6 -p1 -b .hdrcnt
 %patch7 -p1 -b .testcert
 sed -i.gpgerror 's/`$GPGME_CONFIG --libs`/"\0 -lgpg-error"/' configure
@ -152,6 +154,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man5/muttrc.*
 %changelog
 * Fri Apr 15 2011 Honza Horak <hhorak@redhat.com> - 5:1.5.21-5
 - Fixed hostname verification of x.509 certificates.
  (rhbz#688756, CVE-2011-1429)
 * Tue Mar 29 2011 Honza Horak <hhorak@redhat.com> - 5:1.5.21-4
 - Fixed segmentation faults during reading message headers (rhbz#676074)