
Contents of /rpms/openssl/sme8/openssl-0.9.8b-cve-2007-5135.patch



Revision 1.1 - (show annotations) (download)
Tue Feb 18 03:03:08 2014 UTC (10 years, 9 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream
Initial import

Possible one-byte buffer overflow in SSL_get_shared_ciphers.
CVE-2007-5135
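--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1201,7 +1201,6 @@ int SSL_set_cipher_list(SSL *s,const cha
 char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
 {
 char *p;
- const char *cp;
 STACK_OF(SSL_CIPHER) *sk;
 SSL_CIPHER *c;
 int i;
@@ -1214,20 +1213,21 @@ char *SSL_get_shared_ciphers(const SSL *
 sk=s->session->ciphers;
 for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 {
- /* Decrement for either the ':' or a '\0' */
- len--;
+ int n;
+
 c=sk_SSL_CIPHER_value(sk,i);
- for (cp=c->name; *cp; )
+ n=strlen(c->name);
+ if (n+1 > len)
 {
- if (len-- <= 0)
- {
- *p='\0';
- return(buf);
- }
- else
- *(p++)= *(cp++);
+ if (p != buf)
+ --p;
+ *p='\0';
+ return buf;
 }
+ strcpy(p,c->name);
+ p+=n;
 *(p++)=':';
+ len-=n+1;
 }
 p[-1]='\0';
 return(buf);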
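Review bot: The final `p[-1]='\0';` after the loop still writes one byte before `buf` if the loop body never runs, i.e. when `sk_SSL_CIPHER_num(sk)` is 0, unless a check above the second hunk already rejects an empty cipher list. The function's opening guards sit between the two hunks and are not visible here, so that needs confirming against the full file. The truncation branch added in this hunk already handles the `p == buf` case, and the terminator after the loop could mirror it: `if (p != buf) --p;` followed by `*p='\0';`. The new `n+1 > len` test also depends on `len` being at least 1 on entry, so that the `*p='\0'` write at `p == buf` stays inside the caller's buffer. A short comment such as `/* len = bytes left in buf, including room for the terminator */` next to `int n;` would make that invariant auditable.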
