Fixed hostname verification of x.509 certificates.

(rhbz#688756, CVE-2011-1429)
This commit is contained in:
Honza Horák 2011-04-15 14:28:59 +02:00
parent 8056a91e0a
commit a5d2d9c94b
2 changed files with 37 additions and 1 deletions

View File

@ -0,0 +1,30 @@
diff -up mutt-1.5.21/mutt_ssl_gnutls.c.old mutt-1.5.21/mutt_ssl_gnutls.c
--- mutt-1.5.21/mutt_ssl_gnutls.c.old 2011-03-23 11:46:28.760386765 +0100
+++ mutt-1.5.21/mutt_ssl_gnutls.c 2011-03-23 14:34:45.839456449 +0100
@@ -978,6 +978,7 @@ static int tls_check_certificate (CONNEC
unsigned int cert_list_size = 0;
gnutls_certificate_status certstat;
int certerr, i, preauthrc, savedcert, rc = 0;
+ int rcpeer;
if (gnutls_auth_get_type (state) != GNUTLS_CRD_CERTIFICATE)
{
@@ -1003,6 +1004,9 @@ static int tls_check_certificate (CONNEC
for (i = 0; i < cert_list_size; i++) {
rc = tls_check_preauth(&cert_list[i], certstat, conn->account.host, i,
&certerr, &savedcert);
+ if (i == 0)
+ rcpeer = rc;
+
preauthrc += rc;
if (savedcert)
@@ -1028,7 +1032,7 @@ static int tls_check_certificate (CONNEC
dprint (1, (debugfile, "error trusting certificate %d: %d\n", i, rc));
certstat = tls_verify_peers (state);
- if (!certstat)
+ if (!certstat && !rcpeer)
return 1;
}
}

View File

@ -16,7 +16,7 @@
Summary: A text mode mail user agent Summary: A text mode mail user agent
Name: mutt Name: mutt
Version: 1.5.21 Version: 1.5.21
Release: 4%{?dist} Release: 5%{?dist}
Epoch: 5 Epoch: 5
# The entire source code is GPLv2+ except # The entire source code is GPLv2+ except
# pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain # pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain
@ -29,6 +29,7 @@ Patch3: mutt-1.5.18-muttrc.patch
Patch4: mutt-1.5.18-manual.patch Patch4: mutt-1.5.18-manual.patch
Patch5: mutt-1.5.21-updating.patch Patch5: mutt-1.5.21-updating.patch
Patch6: mutt-1.5.21-hdrcnt.patch Patch6: mutt-1.5.21-hdrcnt.patch
Patch7: mutt-1.5.21-testcert.patch
Url: http://www.mutt.org/ Url: http://www.mutt.org/
Requires: mailcap urlview Requires: mailcap urlview
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -70,6 +71,7 @@ for selecting groups of messages.
%patch4 -p1 -b .manual %patch4 -p1 -b .manual
%patch5 -p1 -b .updating %patch5 -p1 -b .updating
%patch6 -p1 -b .hdrcnt %patch6 -p1 -b .hdrcnt
%patch7 -p1 -b .testcert
sed -i.gpgerror 's/`$GPGME_CONFIG --libs`/"\0 -lgpg-error"/' configure sed -i.gpgerror 's/`$GPGME_CONFIG --libs`/"\0 -lgpg-error"/' configure
@ -152,6 +154,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man5/muttrc.* %{_mandir}/man5/muttrc.*
%changelog %changelog
* Fri Apr 15 2011 Honza Horak <hhorak@redhat.com> - 5:1.5.21-5
- Fixed hostname verification of x.509 certificates.
(rhbz#688756, CVE-2011-1429)
* Tue Mar 29 2011 Honza Horak <hhorak@redhat.com> - 5:1.5.21-4 * Tue Mar 29 2011 Honza Horak <hhorak@redhat.com> - 5:1.5.21-4
- Fixed segmentation faults during reading message headers (rhbz#676074) - Fixed segmentation faults during reading message headers (rhbz#676074)