Bug#310184: openssl: garbled error message when verifying smime message

[Matijs van Zuijlen]

Package: openssl
Version: 0.9.7g-1
Severity: normal
Tags: patch

When the smime application encounters the wrong type of signature[1], the
type name is garbled before it is copied to the error message. The result
is output like so:

  Error reading S/MIME message
  17130:error:2107A08D:PKCS7 routines:SMIME_read_PKCS7:sig invalid mime
  type:pk7_mime.c:281:type: type؈ication/pgp-signature

The attached patch solves the problem by creating the error message before
freeing the data structure that contains the type name.

[1] This occurs when mutt tries to verify a message that is signed both
with pgp and with smime.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-powerpc
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages openssl depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libssl0.9.7                 0.9.7g-1     SSL shared libraries

-- no debconf information

--- openssl-0.9.7g/crypto/pkcs7/pk7_mime.c.orig 2005-05-22 11:56:41.132565857 
+0200
+++ openssl-0.9.7g/crypto/pkcs7/pk7_mime.c      2005-05-22 11:56:47.829394714 
+0200
@@ -277,9 +277,9 @@
 
                if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
                        strcmp(hdr->value, "application/pkcs7-signature")) {
-                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                        
PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
                        ERR_add_error_data(2, "type: ", hdr->value);
+                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                        sk_BIO_pop_free(parts, BIO_vfree);
                        return NULL;
                }