Lingering "security" fix.
authorBen Laurie <ben@openssl.org>
Wed, 19 Sep 2007 12:16:21 +0000 (12:16 +0000)
committerBen Laurie <ben@openssl.org>
Wed, 19 Sep 2007 12:16:21 +0000 (12:16 +0000)
ssl/ssl_lib.c

index 31fd26d41bc8aaf4a93a98ef0a58fbdd7d620a24..73707aab9b54d230de00392f13495826465b2230 100644 (file)
@@ -1210,7 +1210,6 @@ int SSL_set_cipher_list(SSL *s,const char *str)
 char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
        {
        char *p;
-       const char *cp;
        STACK_OF(SSL_CIPHER) *sk;
        SSL_CIPHER *c;
        int i;
@@ -1223,20 +1222,21 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
        sk=s->session->ciphers;
        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
                {
-               /* Decrement for either the ':' or a '\0' */
-               len--;
+               int n;
+
                c=sk_SSL_CIPHER_value(sk,i);
-               for (cp=c->name; *cp; )
+               n=strlen(c->name);
+               if (n+1 > len)
                        {
-                       if (len-- <= 0)
-                               {
-                               *p='\0';
-                               return(buf);
-                               }
-                       else
-                               *(p++)= *(cp++);
+                       if (p != buf)
+                               --p;
+                       *p='\0';
+                       return buf;
                        }
+               strcpy(p,c->name);
+               p+=n;
                *(p++)=':';
+               len-=n+1;
                }
        p[-1]='\0';
        return(buf);