[Pkg-mutt-maintainers] Bug#859652: mutt: Crashes when trying to display (or fetch) a specific S/MIME-signed message
Axel Beckert
axel at ethz.ch
Wed Apr 5 14:42:51 UTC 2017
Package: mutt
Version: 1.7.2-1
Severity: important
Tags: security
Dear Maintainer,
for the first time since upgrading to Stretch a few months ago, mutt
crashed when I pressed enter on mail (both when viewing locally as
well as via IMAP). Starting up mutt again and trying to display that
mail again crashes again, i.e. it seems to be reproducible.
Here's a backtrace made from the coredump:
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x00007fd336bbc895 in __GI__IO_fputs (str=0x0, fp=0x55b6136a45d0) at iofputs.c:33
#2 0x000055b6127122dc in print_smime_keyinfo (msg=0x55b612761572 "Problem signature from:", key=key@entry=0x0, s=s@entry=0x7fff04837490, sig=<optimized out>, sig=<optimized out>) at ../../crypt-gpgme.c:1375
#3 0x000055b61271282c in show_one_sig_status (ctx=ctx@entry=0x55b6134741c0, idx=idx@entry=0, s=s@entry=0x7fff04837490) at ../../crypt-gpgme.c:1491
#4 0x000055b61271332c in verify_one (s=0x7fff04837490, tempfile=<optimized out>, is_smime=<optimized out>, sigbdy=<optimized out>, sigbdy=<optimized out>) at ../../crypt-gpgme.c:1576
#5 0x000055b61269717e in mutt_signed_handler (a=0x55b61384f900, a@entry=0x55b61386e800, s=s@entry=0x7fff04837490) at ../../crypt.c:1005
#6 0x000055b6126bf119 in run_decode_and_handler (b=b@entry=0x55b61386e800, s=s@entry=0x7fff04837490, handler=handler@entry=0x55b612696d40 <mutt_signed_handler>, plaintext=plaintext@entry=0) at ../../handler.c:1697
#7 0x000055b6126bf481 in mutt_body_handler (b=b@entry=0x55b61386e800, s=s@entry=0x7fff04837490) at ../../handler.c:1842
#8 0x000055b6126a05fb in _mutt_copy_message (fpout=fpout@entry=0x55b6136a45d0, fpin=0x55b6136b9150, hdr=hdr@entry=0x55b61386e260, body=0x55b61386e800, flags=flags@entry=2124, chflags=<optimized out>, chflags@entry=262294) at ../../copy.c:695
#9 0x000055b6126a0b6b in mutt_copy_message (fpout=0x55b6136a45d0, src=0x55b612f7bb50, hdr=hdr@entry=0x55b61386e260, flags=flags@entry=2124, chflags=262294) at ../../copy.c:783
#10 0x000055b6126987c8 in mutt_display_message (cur=0x55b61386e260) at ../../commands.c:159
#11 0x000055b6126a7f0c in mutt_index_menu () at ../../curs_main.c:2041
#12 0x000055b612688f16 in main (argc=1, argv=<optimized out>, environ=<optimized out>) at ../../main.c:896
Thunderbird can display the mail and says that the S/MIME signature is
not valid.
In case the backtrace above does not suffice to find the issue, I can
probably provide the mail in private.
I'm not 100% sure if this might be a security issue. It is at least
usable as DOS against mutt users and mutt crashes on input received from
untrusted sources. No idea if that might be used for remote code
execution or similar. So to be on the safe side, I'm tagging this as
"security".
Security team: Please remove this tag if you think that this issue does
not validate further investigation from a security point of view.
-- Package-specific info:
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mutt-maintainers/attachments/20170405/d1a39e14/attachment.ksh>
-------------- next part --------------
-- System Information:
Debian Release: 9.0
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages mutt depends on:
ii libassuan0 2.4.3-2
ii libc6 2.24-9
ii libcomerr2 1.43.4-2
ii libgnutls30 3.5.8-3
ii libgpg-error0 1.26-2
ii libgpgme11 1.8.0-3+b2
ii libgssapi-krb5-2 1.15-1
ii libidn11 1.33-1
ii libk5crypto3 1.15-1
ii libkrb5-3 1.15-1
ii libncursesw5 6.0+20161126-1
ii libnotmuch4 0.23.7-3
ii libsasl2-2 2.1.27~101-g0780600+dfsg-3
ii libtinfo5 6.0+20161126-1
ii libtokyocabinet9 1.4.48-11+b1
Versions of packages mutt recommends:
ii libsasl2-modules 2.1.27~101-g0780600+dfsg-3
ii locales 2.24-9
ii mime-support 3.60
Versions of packages mutt suggests:
ii aspell 0.60.7~20110707-3+b2
ii ca-certificates 20161130
ii gnupg 2.1.18-6
ii ispell 3.4.00-5
pn mixmaster <none>
ii openssl 1.1.0e-1
ii postfix [mail-transport-agent] 3.1.4-4
pn urlview <none>
Versions of packages mutt is related to:
ii mutt 1.7.2-1
-- no debconf information
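
A triage aid for the backtrace in the report above, added here as an example and not part of the original message or of mutt: it parses GDB frame lines, strips the `@entry` marker, and lists the pointer arguments that were NULL (`0x0`) so the crash can be localized. The function names are assumptions, and the embedded sample is frames #0 to #3 of the report, abridged.

```python
import re

# Frames #0-#3 of the report's backtrace, abridged (the duplicated
# "sig=<optimized out>" is dropped), using GDB's "@entry" notation.
BACKTRACE = """\
#0 strlen () at ../sysdeps/x86_64/strlen.S:106
#1 0x00007fd336bbc895 in __GI__IO_fputs (str=0x0, fp=0x55b6136a45d0) at iofputs.c:33
#2 0x000055b6127122dc in print_smime_keyinfo (msg=0x55b612761572 "Problem signature from:", key=key@entry=0x0, s=s@entry=0x7fff04837490, sig=<optimized out>) at ../../crypt-gpgme.c:1375
#3 0x000055b61271282c in show_one_sig_status (ctx=ctx@entry=0x55b6134741c0, idx=idx@entry=0, s=s@entry=0x7fff04837490) at ../../crypt-gpgme.c:1491
"""

# "#N [0xADDR in ]function (args) at file:line"
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*)\) at (\S+)$")
# "name=value" or "name=name@entry=value"; a quoted string after a pointer is skipped
ARG = re.compile(r"(\w+)=(?:\w+@entry=)?(0x[0-9a-f]+|<[^>]*>|-?\d+)")


def parse(backtrace):
    """Return one dict per frame: number, function, location, argument map."""
    frames = []
    for line in backtrace.splitlines():
        m = FRAME.match(line)
        if m:
            num, func, args, loc = m.groups()
            frames.append({"num": int(num), "func": func, "loc": loc,
                           "args": dict(ARG.findall(args))})
    return frames


def null_args(frames):
    """(frame, function, argument) for every argument printed as 0x0.

    An integer printed as plain 0 (idx in frame #3) is not a pointer
    and is deliberately not reported.
    """
    return [(f["num"], f["func"], name) for f in frames
            for name, value in f["args"].items() if value == "0x0"]


def outermost_null_frame(frames):
    """Highest-numbered frame that received a NULL; its caller passed it."""
    hits = null_args(frames)
    return max(hits)[:2] if hits else None


if __name__ == "__main__":
    for num, func, name in null_args(parse(BACKTRACE)):
        print(f"frame #{num}: {func}() received {name}=NULL")
    print("start review at the caller of frame", outermost_null_frame(parse(BACKTRACE)))
```
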