From f65a75786b4eaf633ffab2ccb52f2c0dd51d268d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Lutz=20J=C3=A4nicke?= Date: Tue, 8 Apr 2003 06:31:36 +0000 Subject: [PATCH] Fix ordering of compare functions: strncmp() must be used first, a the cipher name in the list is not guaranteed to be at least "buflen" long. PR: 567 Submitted by: "Matt Harren" --- ssl/ssl_ciph.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index d4f86f6ed9..f175dc8756 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -715,13 +715,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str, * So additionally check whether the cipher name found * has the correct length. We can save a strlen() call: * just checking for the '\0' at the right place is - * sufficient, we have to strncmp() anyway. + * sufficient, we have to strncmp() anyway. (We cannot + * use strcmp(), because buf is not '\0' terminated.) */ j = found = 0; while (ca_list[j]) { - if ((ca_list[j]->name[buflen] == '\0') && - !strncmp(buf, ca_list[j]->name, buflen)) + if (!strncmp(buf, ca_list[j]->name, buflen) && + (ca_list[j]->name[buflen] == '\0')) { found = 1; break; -- 2.25.1