Fix tls-cipher when invalid ciphers are given

author: Arne Schwabe <arne@rfc2549.org> 2013-04-06 19:45:45 +0200
committer: Arne Schwabe <arne@rfc2549.org> 2013-04-06 19:45:45 +0200
commit: ad2256b6fe9c211d06321d99590cb457427d8e7d (patch)
tree: 7ababad910b2fcbbf591b06a6255e765c8ac9f52
parent: f50f5b550a8c3c7bd6333d1e4a42f8d7e10bbe05 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/openvpn/src/openvpn/ssl_openssl.c b/openvpn/src/openvpn/ssl_openssl.c
index 1006617c..79cc056e 100644
--- a/openvpn/src/openvpn/ssl_openssl.c
+++ b/openvpn/src/openvpn/ssl_openssl.c
@@ -217,8 +217,9 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
   ASSERT(NULL != ctx);
 
   // Translate IANA cipher suite names to OpenSSL names
-  for (begin_of_cipher = 0; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher+1) {
-      end_of_cipher = strcspn(&ciphers[begin_of_cipher], ":");
+  begin_of_cipher = end_of_cipher = 0;
+  for (; begin_of_cipher < strlen(ciphers); begin_of_cipher = end_of_cipher) {
+      end_of_cipher += strcspn(&ciphers[begin_of_cipher], ":");
       cipher_pair = tls_get_cipher_name_pair(&ciphers[begin_of_cipher], end_of_cipher - begin_of_cipher);
 
       if (NULL == cipher_pair)
@@ -257,6 +258,8 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
       openssl_ciphers_len += current_cipher_len;
       openssl_ciphers[openssl_ciphers_len] = ':';
       openssl_ciphers_len++;
+
+      end_of_cipher++;
   }
 
   if (openssl_ciphers_len > 0)
author	Arne Schwabe <arne@rfc2549.org>	2013-04-06 19:45:45 +0200
committer	Arne Schwabe <arne@rfc2549.org>	2013-04-06 19:45:45 +0200
commit	ad2256b6fe9c211d06321d99590cb457427d8e7d (patch)
tree	7ababad910b2fcbbf591b06a6255e765c8ac9f52
parent	f50f5b550a8c3c7bd6333d1e4a42f8d7e10bbe05 (diff)