File openssl-0.9.8b-cve-2007-5135.patch of Package openssl098e
Possible one byte buffer overflow in SSL_get_shared_ciphers. CVE-2007-5135 diff -up openssl-0.9.8b/ssl/ssl_lib.c.orig openssl-0.9.8b/ssl/ssl_lib.c --- openssl-0.9.8b/ssl/ssl_lib.c.orig 2007-10-08 10:20:42.000000000 +0200 +++ openssl-0.9.8b/ssl/ssl_lib.c 2007-10-08 17:32:29.000000000 +0200 @@ -1201,7 +1201,6 @@ int SSL_set_cipher_list(SSL *s,const cha char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) { char *p; - const char *cp; STACK_OF(SSL_CIPHER) *sk; SSL_CIPHER *c; int i; @@ -1214,20 +1213,21 @@ char *SSL_get_shared_ciphers(const SSL * sk=s->session->ciphers; for (i=0; i<sk_SSL_CIPHER_num(sk); i++) { - /* Decrement for either the ':' or a '\0' */ - len--; + int n; + c=sk_SSL_CIPHER_value(sk,i); - for (cp=c->name; *cp; ) + n=strlen(c->name); + if (n+1 > len) { - if (len-- <= 0) - { - *p='\0'; - return(buf); - } - else - *(p++)= *(cp++); + if (p != buf) + --p; + *p='\0'; + return buf; } + strcpy(p,c->name); + p+=n; *(p++)=':'; + len-=n+1; } p[-1]='\0'; return(buf);
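Review bot: In the second hunk (@@ -1214,20 +1213,21 @@), the trailing context line `p[-1]='\0';` is still reached with p == buf when sk_SSL_CIPHER_num(sk) returns 0 and the loop body never runs, so it writes one byte before buf; nothing in the visible lines rules out an empty list. Suggest handling the empty list before the loop, for example by returning early. Two smaller points in the same hunk: `n=strlen(c->name);` narrows a size_t to int before the `n+1 > len` comparison, and the `*p='\0';` in the new truncation branch relies on len being at least 1 on entry, which has to be guaranteed by a check outside the lines shown here.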