Fix buffer overflow in SSL_get_shared_ciphers() function.

(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] Fix SSL client code which could crash if connecting to a malicious SSLv2 server. (CVE-2006-4343) [Tavis Ormandy and Will Drewry, Google Security Team]
author: Mark J. Cox <mark@openssl.org> 2006-09-28 13:18:43 +0000
committer: Mark J. Cox <mark@openssl.org> 2006-09-28 13:18:43 +0000
commit: 3ff55e9680cc99f330f25e48cd1422e3459c02de (patch)
tree: 1d0ec06ac2e93bcd761869294c1e21b682dce4a6 /ssl/ssl_lib.c
parent: cbb92dfaf0ec4e4bc91e729c69847f56d40d8302 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a8bc044cbe..44f82eb3ee 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1272,7 +1272,7 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
 		c=sk_SSL_CIPHER_value(sk,i);
 		for (cp=c->name; *cp; )
 			{
-			if (len-- == 0)
+			if (len-- <= 0)
 				{
 				*p='\0';
 				return(buf);
author	Mark J. Cox <mark@openssl.org>	2006-09-28 13:18:43 +0000
committer	Mark J. Cox <mark@openssl.org>	2006-09-28 13:18:43 +0000
commit	3ff55e9680cc99f330f25e48cd1422e3459c02de (patch)
tree	1d0ec06ac2e93bcd761869294c1e21b682dce4a6 /ssl/ssl_lib.c
parent	cbb92dfaf0ec4e4bc91e729c69847f56d40d8302 (diff)