File openssl-CVE-2006-3738.patch of Package compat-openssl097g

Overview Repositories Revisions Requests Users Attributes Meta

File openssl-CVE-2006-3738.patch of Package compat-openssl097g

Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer 
overflow in SSL_get_shared_ciphers utility function, used by some 
applications such as exim and mysql.  An attacker could send a list of 
ciphers that would overrun a buffer CVE-2006-3738

--- ssl/ssl_lib.c	2005-12-05 18:32:21.000000000 +0100
+++ ssl/ssl_lib.c	2006-09-26 17:11:51.000000000 +0200
@@ -1219,7 +1219,7 @@ char *SSL_get_shared_ciphers(const SSL *
 		c=sk_SSL_CIPHER_value(sk,i);
 		for (cp=c->name; *cp; )
 			{
-			if (len-- == 0)
+ 			if (len-- <= 0)
 				{
 				*p='\0';
 				return(buf);
--- ssl/s3_srvr.c	2006-02-08 20:16:33.000000000 +0100
+++ ssl/s3_srvr.c	2006-09-26 17:13:40.000000000 +0200
@@ -2003,7 +2003,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 
                 if (kssl_ctx->client_princ)
                         {
-                        int len = strlen(kssl_ctx->client_princ);
+                        size_t len = strlen(kssl_ctx->client_princ);
                         if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) 
                                 {
                                 s->session->krb5_client_princ_len = len;

Places

File openssl-CVE-2006-3738.patch of Package compat-openssl097g

Places