* CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
(Closes: #444435)
Kurt Roeckx
16 years ago
| 0 | openssl (0.9.8e-9) unstable; urgency=high | |
| 1 | ||
| 2 | * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers(). | |
| 3 | (Closes: #444435) | |
| 4 | ||
| 5 | -- Kurt Roeckx <kurt@roeckx.be> Fri, 28 Sep 2007 19:47:33 +0200 | |
| 6 | ||
| 0 | 7 | openssl (0.9.8e-8) unstable; urgency=low |
| 1 | 8 | |
| 2 | 9 | * Fix another case of the "if this code is reached, the program will abort" |
| 56 | 56 | if [ "$1" = "configure" ] |
| 57 | 57 | then |
| 58 | 58 | if [ ! -z "$2" ]; then |
| 59 | if dpkg --compare-versions "$2" lt 0.9.8c-2; then | |
| 59 | if dpkg --compare-versions "$2" lt 0.9.8e-9; then | |
| 60 | 60 | echo -n "Checking for services that may need to be restarted..." |
| 61 | 61 | |
| 62 | 62 | check="sendmail openssh-server" |
| 1200 | 1200 | char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) |
| 1201 | 1201 | { |
| 1202 | 1202 | char *p; |
| 1203 | const char *cp; | |
| 1204 | 1203 | STACK_OF(SSL_CIPHER) *sk; |
| 1205 | 1204 | SSL_CIPHER *c; |
| 1206 | 1205 | int i; |
| 1213 | 1212 | sk=s->session->ciphers; |
| 1214 | 1213 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) |
| 1215 | 1214 | { |
| 1216 | /* Decrement for either the ':' or a '\0' */ | |
| 1217 | len--; | |
| 1215 | int n; | |
| 1216 | ||
| 1218 | 1217 | c=sk_SSL_CIPHER_value(sk,i); |
| 1219 | for (cp=c->name; *cp; ) | |
| 1218 | n=strlen(c->name); | |
| 1219 | if (n+1 > len) | |
| 1220 | 1220 | { |
| 1221 | if (len-- <= 0) | |
| 1222 | { | |
| 1223 | *p='\0'; | |
| 1224 | return(buf); | |
| 1225 | } | |
| 1226 | else | |
| 1227 | *(p++)= *(cp++); | |
| 1221 | if (p != buf) | |
| 1222 | --p; | |
| 1223 | *p='\0'; | |
| 1224 | return buf; | |
| 1228 | 1225 | } |
| 1226 | strcpy(p,c->name); | |
| 1227 | p+=n; | |
| 1229 | 1228 | *(p++)=':'; |
| 1229 | len-=n+1; | |
| 1230 | 1230 | } |
| 1231 | 1231 | p[-1]='\0'; |
| 1232 | 1232 | return(buf); |