
fix uninitialized variable read

this is basically a security fix for nonsensical configurations:
if the specified CertificateFile did not contain any certificates,
we *might* have accepted an arbitrary server certificate.
Oswald Buddenhagen 15 years ago
parent
commit
db2bbbfef8
1 changed file with 1 insertion and 0 deletions
  1. 1 0
      src/drv_imap.c

+ 1 - 0
src/drv_imap.c

@@ -255,6 +255,7 @@ verify_cert( imap_store_t *ctx )
 			       srvc->cert_file, strerror( errno ) );
 			       srvc->cert_file, strerror( errno ) );
 			return 0;
 			return 0;
 		}
 		}
+		err = -1;
 		for (lcert = 0; READ_X509_KEY( fp, &lcert ); )
 		for (lcert = 0; READ_X509_KEY( fp, &lcert ); )
 			if (!(err = compare_certificates( lcert, cert, md, n )))
 			if (!(err = compare_certificates( lcert, cert, md, n )))
 				break;
 				break;
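
Review bot: the new `err = -1;` ahead of the `READ_X509_KEY` loop should carry a short comment saying it is the result when the loop body never runs. Next to `err = compare_certificates( lcert, cert, md, n )` the assignment looks redundant, and a later cleanup could drop it and reintroduce the uninitialized read. It would also help to distinguish the two failure cases: as written, a CertificateFile that yields no certificates and one whose certificates all fail to match both leave the loop with a nonzero `err`, so the user gets no hint that the file itself is the problem. A flag or counter set inside the loop body would allow a specific diagnostic for the empty-file case.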