diff options
| author | Mark J. Cox <mark@openssl.org> | 2006-09-28 11:29:03 +0000 |
|---|---|---|
| committer | Mark J. Cox <mark@openssl.org> | 2006-09-28 11:29:03 +0000 |
| commit | 951dfbb13a79bff82cef8096d2c93bc2d65a7525 (patch) | |
| tree | abc7f989e18378c7c06a5eecf6f23257fb42f53a /ssl/ssl_lib.c | |
| parent | 81780a3b6290836f3ef64eafe7143e892e7fa5cc (diff) | |
Introduce limits to prevent malicious keys being able to
cause a denial of service. (CVE-2006-2940)
[Steve Henson, Bodo Moeller]
Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service. (CVE-2006-2937) [Steve Henson]
Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
Fix SSL client code which could crash if connecting to a
malicious SSLv2 server. (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]
Diffstat (limited to 'ssl/ssl_lib.c')
| -rw-r--r-- | ssl/ssl_lib.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 28c90fc68e..4971b34375 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1219,7 +1219,7 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) c=sk_SSL_CIPHER_value(sk,i); for (cp=c->name; *cp; ) { - if (len-- == 0) + if (len-- <= 0) { *p='\0'; return(buf); |