From 80d4d291e5b574803e04f5a006e0407dbe014746 Mon Sep 17 00:00:00 2001
From: IKEDA Soji <ikeda@conversion.co.jp>
Date: Thu, 4 Feb 2021 10:01:31 +0900
Subject: [PATCH] bulk.pl daemon crashes if it failed to load private key
 (#1110)

There is also a case with public key.
---
 src/lib/Sympa/Message.pm | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/lib/Sympa/Message.pm b/src/lib/Sympa/Message.pm
index 0a359eed9..61c10c3bf 100644
--- a/src/lib/Sympa/Message.pm
+++ b/src/lib/Sympa/Message.pm
@@ -962,7 +962,11 @@ sub smime_encrypt {
     # encrypt the incoming message parse it.
     my $smime = Crypt::SMIME->new();
     #FIXME: Add intermediate CA certificates if any.
-    $smime->setPublicKey($cert);
+    unless (eval { $smime->setPublicKey($cert) }) {
+        $log->syslog('err', 'Unable to S/MIME encrypt message: %s',
+            $EVAL_ERROR);
+        return undef;
+    }
 
     # don't; cf RFC2633 3.1. netscape 4.7 at least can't parse encrypted
     # stuff that contains a whole header again... since MIME::Tools has
@@ -1055,9 +1059,17 @@ sub smime_sign {
     my $smime = Crypt::SMIME->new();
     #FIXME: Add intermediate CA certificates if any.
     if (length $key_passwd) {
-        $smime->setPrivateKey($key, $cert, $key_passwd);
+        unless (eval { $smime->setPrivateKey($key, $cert, $key_passwd) }) {
+            $log->syslog('err', 'Unable to S/MIME sign message: %s',
+                $EVAL_ERROR);
+            return undef;
+        }
     } else {
-        $smime->setPrivateKey($key, $cert);
+        unless (eval { $smime->setPrivateKey($key, $cert) }) {
+            $log->syslog('err', 'Unable to S/MIME sign message: %s',
+                $EVAL_ERROR);
+            return undef;
+        }
     }
     my $msg_string = eval {
         $smime->sign($dup_head->as_string . "\n" . $self->body_as_string);