diff options
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/ssl_ciph.c | 2 | ||||
| -rw-r--r-- | ssl/ssl_rsa.c | 14 |
2 files changed, 9 insertions, 7 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index d047b8ff5d..ffdc4eab5b 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1581,7 +1581,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, rule_p++; } - if (ok && (strlen(rule_p) > 0)) + if (ok && (rule_p[0] != '\0')) ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c); OPENSSL_free(ca_list); /* Not needed anymore */ diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index ae910a04da..b32a7b90bb 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -914,8 +914,9 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) long extension_length = 0; char *name = NULL; char *header = NULL; - char namePrefix1[] = "SERVERINFO FOR "; - char namePrefix2[] = "SERVERINFOV2 FOR "; + static const char namePrefix1[] = "SERVERINFO FOR "; + static const char namePrefix2[] = "SERVERINFOV2 FOR "; + unsigned int name_len; int ret = 0; BIO *bin = NULL; size_t num_extensions = 0, contextoff = 0; @@ -951,19 +952,20 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) break; } /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */ - if (strlen(name) < strlen(namePrefix1)) { + name_len = strlen(name); + if (name_len < sizeof(namePrefix1) - 1) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT); goto end; } - if (strncmp(name, namePrefix1, strlen(namePrefix1)) == 0) { + if (strncmp(name, namePrefix1, sizeof(namePrefix1) - 1) == 0) { version = SSL_SERVERINFOV1; } else { - if (strlen(name) < strlen(namePrefix2)) { + if (name_len < sizeof(namePrefix2) - 1) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT); goto end; } - if (strncmp(name, namePrefix2, strlen(namePrefix2)) != 0) { + if (strncmp(name, namePrefix2, sizeof(namePrefix2) - 1) != 0) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_BAD_PREFIX); goto end; |