generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix ordering of compare functions: strncmp() must be used first, a

Browse Source 
the cipher name in the list is not guaranteed to be at least "buflen"
long.
PR: 567
Submitted by: "Matt Harren" <matth@cs.berkeley.edu>
This commit is contained in:
Lutz Jänicke 2003-04-08 06:31:36 +00:00
parent 0b55368306
commit f65a75786b
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ssl/ssl_ciph.c
View File

@ -715,13 +715,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* So additionally check whether the cipher name found * So additionally check whether the cipher name found
* has the correct length. We can save a strlen() call: * has the correct length. We can save a strlen() call:
* just checking for the '\0' at the right place is * just checking for the '\0' at the right place is
* sufficient, we have to strncmp() anyway. * sufficient, we have to strncmp() anyway. (We cannot
* use strcmp(), because buf is not '\0' terminated.)
*/ */
j = found = 0; j = found = 0;
while (ca_list[j]) while (ca_list[j])
{ {
if ((ca_list[j]->name[buflen] == '\0') && if (!strncmp(buf, ca_list[j]->name, buflen) &&
!strncmp(buf, ca_list[j]->name, buflen)) (ca_list[j]->name[buflen] == '\0'))
{ {
found = 1; found = 1;
break; break;