* CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
(Closes: #444435)
Kurt Roeckx
16 years ago
0 | openssl (0.9.8e-9) unstable; urgency=high | |
1 | ||
2 | * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers(). | |
3 | (Closes: #444435) | |
4 | ||
5 | -- Kurt Roeckx <kurt@roeckx.be> Fri, 28 Sep 2007 19:47:33 +0200 | |
6 | ||
0 | 7 | openssl (0.9.8e-8) unstable; urgency=low |
1 | 8 | |
2 | 9 | * Fix another case of the "if this code is reached, the program will abort" |
56 | 56 | if [ "$1" = "configure" ] |
57 | 57 | then |
58 | 58 | if [ ! -z "$2" ]; then |
59 | if dpkg --compare-versions "$2" lt 0.9.8c-2; then | |
59 | if dpkg --compare-versions "$2" lt 0.9.8e-9; then | |
60 | 60 | echo -n "Checking for services that may need to be restarted..." |
61 | 61 | |
62 | 62 | check="sendmail openssh-server" |
1200 | 1200 | char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) |
1201 | 1201 | { |
1202 | 1202 | char *p; |
1203 | const char *cp; | |
1204 | 1203 | STACK_OF(SSL_CIPHER) *sk; |
1205 | 1204 | SSL_CIPHER *c; |
1206 | 1205 | int i; |
1213 | 1212 | sk=s->session->ciphers; |
1214 | 1213 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) |
1215 | 1214 | { |
1216 | /* Decrement for either the ':' or a '\0' */ | |
1217 | len--; | |
1215 | int n; | |
1216 | ||
1218 | 1217 | c=sk_SSL_CIPHER_value(sk,i); |
1219 | for (cp=c->name; *cp; ) | |
1218 | n=strlen(c->name); | |
1219 | if (n+1 > len) | |
1220 | 1220 | { |
1221 | if (len-- <= 0) | |
1222 | { | |
1223 | *p='\0'; | |
1224 | return(buf); | |
1225 | } | |
1226 | else | |
1227 | *(p++)= *(cp++); | |
1221 | if (p != buf) | |
1222 | --p; | |
1223 | *p='\0'; | |
1224 | return buf; | |
1228 | 1225 | } |
1226 | strcpy(p,c->name); | |
1227 | p+=n; | |
1229 | 1228 | *(p++)=':'; |
1229 | len-=n+1; | |
1230 | 1230 | } |
1231 | 1231 | p[-1]='\0'; |
1232 | 1232 | return(buf); |