The code for SSL_get_ciphers has a flaw. If "s" is null, it will crash
on the "else if" statement.

STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
        {
        if ((s != NULL) && (s->cipher_list != NULL))
                {
                return(s->cipher_list);
                }
        else if ((s->ctx != NULL) &&
                (s->ctx->cipher_list != NULL))
                {
                return(s->ctx->cipher_list);
                }
        return(NULL);
        }

Note that ssl_get_ciphers_by_id() fixes the defect by introducing
another check of "(s != NULL)" in the "else if" statement. The code for
SSL_get_ciphers() should do the same.

Verdon Walker
(801) 861-2633
[EMAIL PROTECTED]
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
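
The fix proposed in the message above, as an added example that is not part of the original post or of the OpenSSL source: the "(s != NULL)" test is repeated in the "else if" branch. The model_* types, model_get_ciphers() and check_cases() are hypothetical stand-ins so the example compiles without the OpenSSL headers.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in types for this example only; not OpenSSL's real definitions. */
typedef struct { int n; } cipher_stack;                   /* models STACK_OF(SSL_CIPHER) */
typedef struct { cipher_stack *cipher_list; } model_ctx;  /* models SSL_CTX */
typedef struct {                                          /* models SSL */
    cipher_stack *cipher_list;
    model_ctx *ctx;
} model_ssl;

/* Same shape as the function in the report, with the (s != NULL) test
 * repeated in the else-if so that branch never dereferences a NULL s. */
cipher_stack *model_get_ciphers(model_ssl *s)
{
    if ((s != NULL) && (s->cipher_list != NULL))
        return s->cipher_list;
    else if ((s != NULL) && (s->ctx != NULL) &&
             (s->ctx->cipher_list != NULL))
        return s->ctx->cipher_list;
    return NULL;
}

/* Runs the five input shapes that matter; returns the number of mismatches. */
int check_cases(void)
{
    cipher_stack own = { 1 }, shared = { 2 };
    model_ctx ctx_with = { &shared }, ctx_empty = { NULL };
    model_ssl has_own = { &own, &ctx_with };
    model_ssl ctx_only = { NULL, &ctx_with };
    model_ssl no_ctx = { NULL, NULL };
    model_ssl empty_ctx = { NULL, &ctx_empty };
    int bad = 0;

    bad += model_get_ciphers(NULL) != NULL;         /* the reported crash case */
    bad += model_get_ciphers(&has_own) != &own;     /* connection list wins */
    bad += model_get_ciphers(&ctx_only) != &shared; /* falls back to context */
    bad += model_get_ciphers(&no_ctx) != NULL;      /* no context at all */
    bad += model_get_ciphers(&empty_ctx) != NULL;   /* context without a list */
    return bad;
}

int main(void)
{
    printf("mismatches: %d\n", check_cases());
    return check_cases() != 0;
}
```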
