--- openssl-0.9.7g/ssl/ssl_lib.c.cve-2006-3738 2005-03-23 01:21:30.000000000 -0700
+++ openssl-0.9.7g/ssl/ssl_lib.c 2006-09-26 14:32:41.000000000 -0600
@@ -1167,7 +1167,7 @@ char *SSL_get_shared_ciphers(const SSL *
c=sk_SSL_CIPHER_value(sk,i);
for (cp=c->name; *cp; )
{
- if (len-- == 0)
+ if (len-- <= 0)
{
*p='\0';
return(buf);
--- openssl-0.9.7g/ssl/s3_srvr.c.cve-2006-3738 2006-09-26 14:33:51.000000000 -0600
+++ openssl-0.9.7g/ssl/s3_srvr.c 2006-09-26 14:35:36.000000000 -0600
@@ -1727,7 +1727,7 @@ static int ssl3_get_client_key_exchange(
if (kssl_ctx->client_princ)
{
- int len = strlen(kssl_ctx->client_princ);
+ size_t len = strlen(kssl_ctx->client_princ);
if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
{
s->session->krb5_client_princ_len = len;
distrib
>
Mandriva
>
2010.2
>
i586
>
media
>
contrib-release-src
>
by-pkgid
>
7ac4fa1ea5226ba0c0c9a527c7b4a484
>
files
>
10
