[mail-notification] Fixed a stack overflow in SSL code

Erik van Pienbroek epienbro at fedoraproject.org
Thu Apr 5 14:40:32 UTC 2012


commit 1a08be0877a4d56011f16d1e00b8ca0bbd9e0f53
Author: Erik van Pienbroek <epienbro at fedoraproject.org>
Date:   Thu Apr 5 16:39:55 2012 +0200

    Fixed a stack overflow in SSL code
    
    Fixed a stack overflow which occurred while verifying SSL certificates for POP3 and IMAP mailboxes. RHBZ #810054

 ...erflow-in-verify-ssl-certificate-function.patch |   19 +++++++++++++++++++
 mail-notification.spec                             |   12 +++++++++++-
 2 files changed, 30 insertions(+), 1 deletions(-)
---
diff --git a/mail-notification-5.4-prevent-stack-overflow-in-verify-ssl-certificate-function.patch b/mail-notification-5.4-prevent-stack-overflow-in-verify-ssl-certificate-function.patch
new file mode 100644
index 0000000..737089f
--- /dev/null
+++ b/mail-notification-5.4-prevent-stack-overflow-in-verify-ssl-certificate-function.patch
@@ -0,0 +1,19 @@
+--- src/mn-client-session.c.orig	2012-04-05 16:13:12.078530159 +0200
++++ src/mn-client-session.c	2012-04-05 16:18:30.823859820 +0200
+@@ -679,7 +679,7 @@
+       else
+ 	{
+ 	  unsigned char md5sum[16];
+-	  unsigned char fingerprint[40];
++	  unsigned char fingerprint[49];
+ 	  int md5len;
+ 	  int i;
+ 	  unsigned char *f;
+@@ -687,6 +687,7 @@
+ 	  /* calculate the MD5 hash of the raw certificate */
+ 	  md5len = sizeof(md5sum);
+ 	  X509_digest(cert, EVP_md5(), md5sum, &md5len);
++	  memset(fingerprint, 0, sizeof(fingerprint));
+ 	  for (i = 0, f = fingerprint; i < 16; i++, f += 3)
+ 	    sprintf(f, "%.2x%c", md5sum[i], i != 15 ? ':' : '\0');
+ 
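Review bot: The new size in `unsigned char fingerprint[49];` is a bare constant that fits the loop below it exactly (16 × 3 bytes plus the terminating NUL written by the last `sprintf`), and the write itself is still an unbounded `sprintf`, so a later change to the digest length or the format string would bring the overflow back without any warning. Deriving the size from the digest buffer and bounding the write keeps the two tied together: `unsigned char fingerprint[sizeof(md5sum) * 3 + 1];` and `snprintf((char *) f, sizeof(fingerprint) - (size_t) (f - fingerprint), "%.2x%c", md5sum[i], i != 15 ? ':' : '\0');`. The added `memset` is harmless but not needed for correctness, since the loop writes every byte of the 49-byte buffer including the final NUL. Separately, the return value of `X509_digest` on the context line is not checked, so on failure the fingerprint would be formatted from an uninitialised `md5sum`. The enclosing function starts and ends outside the hunk.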
diff --git a/mail-notification.spec b/mail-notification.spec
index 2effea1..c1d5466 100644
--- a/mail-notification.spec
+++ b/mail-notification.spec
@@ -1,6 +1,6 @@
 Name:           mail-notification
 Version:        5.4
-Release:        53%{?dist}
+Release:        54%{?dist}
 Summary:        Status icon that informs you if you have new mail
 
 Group:          Applications/Internet
@@ -24,6 +24,7 @@ Patch13:	popup-markup.patch
 Patch14:	mail-notification-5.4-make-properties-dialog-resizable.patch
 Patch15:	mail-notification-5.4-prevent-memory-corruption-in-tooltips-code.patch
 Patch16:	mail-notification-5.4-libemail.patch
+Patch17:	mail-notification-5.4-prevent-stack-overflow-in-verify-ssl-certificate-function.patch
 
 BuildRequires:  gettext
 BuildRequires:  desktop-file-utils, scrollkeeper
@@ -110,6 +111,11 @@ Evolution support for Mail Notification.
 # Prevent memory corruption in the tooltips code
 %patch15 -p0 -b .tooltips_mem_corruption
 
+# Prevent stack overflow in the verify_ssl_certificate function
+# The POP3 and IMAP backends should only be affected by this
+# https://bugzilla.redhat.com/show_bug.cgi?id=810054
+%patch17 -p0 -b .stack_overflow_verify_ssl_certificate
+
 #  Drop #line statements in C sources generated by .gob,
 #  for the proper debuginfo package
 pushd build/src
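Review bot: The comment added above `%patch17` is ambiguous about scope and imprecise about the bug class. "The POP3 and IMAP backends should only be affected by this" reads as an expectation rather than a statement of which code paths are hit, and the defect being patched is an overflow of a fixed-size array on the stack, not stack exhaustion. Wording such as `# Prevent a stack buffer overflow in the verify_ssl_certificate function` followed by `# Only the POP3 and IMAP backends are affected by this` would make triage easier for anyone reading the spec later.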
@@ -234,6 +240,10 @@ touch --no-create %{_datadir}/icons/hicolor || :
 
 
 %changelog
+* Thu Apr  5 2012 Erik van Pienbroek <epienbro at fedoraproject.org> - 5.4-54
+- Fixed a stack overflow which occured while verifying SSL certificates
+  for POP3 and IMAP mailboxes. RHBZ #810054
+
 * Wed Mar 21 2012 Erik van Pienbroek <epienbro at fedoraproject.org> - 5.4-53
 - Fixed a posible segfault in the evolution plugin
 

