Commit f65a7578 authored by Lutz Jänicke's avatar Lutz Jänicke
Browse files

Fix ordering of compare functions: strncmp() must be used first, a 

the cipher name in the list is not guaranteed to be at least "buflen"
long.
PR: 567
Submitted by: "Matt Harren" <matth@cs.berkeley.edu>
parent 0b553683

ssl/ssl_ciph.c

+4 −3
Original line number Diff line number Diff line
@@ -715,13 +715,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str, 
			 * So additionally check whether the cipher name found

			 * has the correct length. We can save a strlen() call:

			 * just checking for the '\0' at the right place is

			 * sufficient, we have to strncmp() anyway.

			 * sufficient, we have to strncmp() anyway. (We cannot

			 * use strcmp(), because buf is not '\0' terminated.)

			 */

			 j = found = 0;

			 while (ca_list[j])

				{

				if ((ca_list[j]->name[buflen] == '\0') &&

				    !strncmp(buf, ca_list[j]->name, buflen))

				if (!strncmp(buf, ca_list[j]->name, buflen) &&

				    (ca_list[j]->name[buflen] == '\0'))

					{

					found = 1;

					break;