Fix buffer overflow in SSL_get_shared_ciphers() function.

(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] Fix SSL client code which could crash if connecting to a malicious SSLv2 server. (CVE-2006-4343) [Tavis Ormandy and Will Drewry, Google Security Team]
2006-09-28 13:18:43 +00:00
parent cbb92dfaf0
commit 3ff55e9680
4 changed files with 25 additions and 3 deletions
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1272,7 +1272,7 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
 		c=sk_SSL_CIPHER_value(sk,i);
 		for (cp=c->name; *cp; )
 			{
-			if (len-- == 0)
+			if (len-- <= 0)
 				{
 				*p='\0';
 				return(buf);