diff options
author | Lutz Jänicke <jaenicke@openssl.org> | 2003-04-08 10:28:34 +0400 |
---|---|---|
committer | Lutz Jänicke <jaenicke@openssl.org> | 2003-04-08 10:28:34 +0400 |
commit | a157379adcc5ae6650c7584bd7c34af5469a988b (patch) | |
tree | 08ff981d23b95560ea8ccaebad728e60b017fee8 /ssl | |
parent | 1ed38156502abbbaa69a6f298234bb4b18910253 (diff) |
Fix ordering of compare functions: strncmp() must be used first, as it
the cipher name in the list is not guaranteed to be at least "buflen"
long.
PR: 567
Submitted by: "Matt Harren" <matth@cs.berkeley.edu>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_ciph.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index c72be89e9a..888b667fa1 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -668,13 +668,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str, * So additionally check whether the cipher name found * has the correct length. We can save a strlen() call: * just checking for the '\0' at the right place is - * sufficient, we have to strncmp() anyway. + * sufficient, we have to strncmp() anyway. (We cannot + * use strcmp(), because buf is not '\0' terminated.) */ j = found = 0; while (ca_list[j]) { - if ((ca_list[j]->name[buflen] == '\0') && - !strncmp(buf, ca_list[j]->name, buflen)) + if (!strncmp(buf, ca_list[j]->name, buflen) && + (ca_list[j]->name[buflen] == '\0')) { found = 1; break; |