Assorted bug fixes.

Minor read-only use after free. OpenSSL 3.0 tweaks.

4 files changed, 35 insertions, 22 deletions

diff --git a/pcp/pcpnet.c b/pcp/pcpnet.c
index e654681..8ffea6b 100644
--- a/pcp/pcpnet.c
+++ b/pcp/pcpnet.c
@@ -1587,6 +1587,7 @@ static int listallevents(struct PCPnet *pn, struct PCP_list_all *la)
 				if (rc == 0)
 					rc= (*la->callback_func)
 						(la, la->callback_arg);
+				la->event_id=NULL; /* gcc warning fix */
 			}
 		}
 		if (s > 0)
diff --git a/sqwebmail/ChangeLog b/sqwebmail/ChangeLog
index ea1a963..02d814f 100644
--- a/sqwebmail/ChangeLog
+++ b/sqwebmail/ChangeLog
@@ -2,10 +2,11 @@
 
 2022-05-22  Sam Varshavchik  <mrsam@courier-mta.com>
 
-	* gcc 12 and autotools update. Fix minor use after free bugs
+	* gcc 12 and autotools update. Fix minor use after free bugs:
 	when showing links to decoded PGP attachments, and if the
 	calendar module is enabled, and the calendaring server runs out
-	of disk space.
+	of disk space; when updating the index file. Freed memory was
+	read before any additional allocations took place.
 
 2022-04-14  Sam Varshavchik  <mrsam@courier-mta.com>
 
diff --git a/sqwebmail/maildir.c b/sqwebmail/maildir.c
index fd12182..f22062e 100644
--- a/sqwebmail/maildir.c
+++ b/sqwebmail/maildir.c
@@ -927,6 +927,7 @@ static int do_msgmove(const char *from,
 			{
 				free(destdir);
 				enomem();
+				exit(0); /* gcc warning fix */
 			}
 			strcat(strcpy(p, destdir), "/shared");
 			free(destdir);
@@ -3046,23 +3047,24 @@ static void maildir_save_start(const char *folder,
 	save_time=t;
 #if 1
 	{
-	  int f = -1;
-	  char *tmpfname = alloc_filename(maildir,
-					   "", MAILDIRCURCACHE ".nfshack");
-	  if (tmpfname) {
-	    f = open(tmpfname, O_CREAT|O_WRONLY, 0600);
-	    free(tmpfname);
-	  }
-	  if (f != -1) {
-	    struct stat s;
-	    if (write(f, ".", 1) != 1)
-		    ; /* ignore */
-	    fsync(f);
-	    if (fstat(f, &s) == 0)
-	      save_time = s.st_mtime;
-	    close(f);
-	    unlink(tmpfname);
-	  }
+		int f = -1;
+		char *tmpfname = alloc_filename(maildir,
+						"", MAILDIRCURCACHE ".nfshack");
+		if (tmpfname) {
+			f = open(tmpfname, O_CREAT|O_WRONLY, 0600);
+
+			if (f != -1) {
+				struct stat s;
+				if (write(f, ".", 1) != 1)
+					; /* ignore */
+				fsync(f);
+				if (fstat(f, &s) == 0)
+					save_time = s.st_mtime;
+				close(f);
+				unlink(tmpfname);
+			}
+			free(tmpfname);
+		}
 	}
 #endif
 
diff --git a/tcpd/libcouriertls.c b/tcpd/libcouriertls.c
index 22b9593..44ba121 100644
--- a/tcpd/libcouriertls.c
+++ b/tcpd/libcouriertls.c
@@ -426,10 +426,19 @@ static void load_dh_params(SSL_CTX *ctx, const char *filename,
 		{
 			if (EVP_PKEY_is_a(pkey, "DH"))
 			{
-				SSL_CTX_set0_tmp_dh_pkey(ctx, pkey);
-				*cert_file_flags = 1;
+				if (SSL_CTX_set0_tmp_dh_pkey(ctx, pkey))
+				{
+					*cert_file_flags = 1;
+				}
+				else
+				{
+					EVP_PKEY_free(pkey);
+				}
+			}
+			else
+			{
+				EVP_PKEY_free(pkey);
 			}
-			EVP_PKEY_free(pkey);
 		}
 
 #else