/[smeserver]/rpms/openssl/sme8/openssl-0.9.8b-cve-2007-5135.patch
ViewVC logotype

Annotation of /rpms/openssl/sme8/openssl-0.9.8b-cve-2007-5135.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (hide annotations) (download)
Tue Feb 18 03:03:08 2014 UTC (10 years, 8 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream 
Initial import
1 wellsi 1.1 Possible one byte buffer overflow in SSL_get_shared_ciphers.
2     CVE-2007-5135
3     diff -up openssl-0.9.8b/ssl/ssl_lib.c.orig openssl-0.9.8b/ssl/ssl_lib.c
4     --- openssl-0.9.8b/ssl/ssl_lib.c.orig 2007-10-08 10:20:42.000000000 +0200
5     +++ openssl-0.9.8b/ssl/ssl_lib.c 2007-10-08 17:32:29.000000000 +0200
6     @@ -1201,7 +1201,6 @@ int SSL_set_cipher_list(SSL *s,const cha
7     char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
8     {
9     char *p;
10     - const char *cp;
11     STACK_OF(SSL_CIPHER) *sk;
12     SSL_CIPHER *c;
13     int i;
14     @@ -1214,20 +1213,21 @@ char *SSL_get_shared_ciphers(const SSL *
15     sk=s->session->ciphers;
16     for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
17     {
18     - /* Decrement for either the ':' or a '\0' */
19     - len--;
20     + int n;
21     +
22     c=sk_SSL_CIPHER_value(sk,i);
23     - for (cp=c->name; *cp; )
24     + n=strlen(c->name);
25     + if (n+1 > len)
26     {
27     - if (len-- <= 0)
28     - {
29     - *p='\0';
30     - return(buf);
31     - }
32     - else
33     - *(p++)= *(cp++);
34     + if (p != buf)
35     + --p;
36     + *p='\0';
37     + return buf;
38     }
39     + strcpy(p,c->name);
40     + p+=n;
41     *(p++)=':';
42     + len-=n+1;
43     }
44     p[-1]='\0';
45     return(buf);
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed