author | Mark J. Cox <mark@openssl.org> | 2006-09-28 13:18:43 +0000 |
---|---|---|
committer | Mark J. Cox <mark@openssl.org> | 2006-09-28 13:18:43 +0000 |
commit | 3ff55e9680cc99f330f25e48cd1422e3459c02de (patch) | |
tree | 1d0ec06ac2e93bcd761869294c1e21b682dce4a6 /ssl/ssl_lib.c | |
parent | cbb92dfaf0ec4e4bc91e729c69847f56d40d8302 (diff) |
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index a8bc044cbe..44f82eb3ee 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1272,7 +1272,7 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) c=sk_SSL_CIPHER_value(sk,i); for (cp=c->name; *cp; ) { - if (len-- == 0) + if (len-- <= 0) { *p='\0'; return(buf); |
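Review bot: In the `if (len-- <= 0)` branch of SSL_get_shared_ciphers(), the body still executes `*p='\0'` before `return(buf)`, so a call with `len` of 0 or a negative value now takes this branch and performs a one-byte store into a buffer the caller declared to have no room. Consider rejecting `len <= 0` at the top of the function, before anything is written, and returning NULL there so callers can tell a rejected call from a truncated result. The copy that advances `p` is outside the visible context, so it is also worth confirming that `p` is still strictly inside `buf` whenever this branch is taken after some characters have been copied. A short comment stating whether `len` includes the terminating NUL would make that invariant checkable.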