authorvk199839 <none@none>2006-10-30 16:21:38 -0800
committervk199839 <none@none>2006-10-30 16:21:38 -0800
commit952478be9ba2d4a2c49ce2a5d681f1ae4f608674 (patch)
tree77e41d33aad332b7298478a09a46efc80f230399 /usr/src
parent8f7c43ea4fce8efe0ba29f7acf163c28339d8d06 (diff)
6466370 Security vulnerabilities in OpenSSL may lead to DoS or code execution (CVE-2006-3738,CVE-2006-4343)
Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/common/openssl/ssl/s2_clnt.c3
-rw-r--r--usr/src/common/openssl/ssl/s3_srvr.c2
-rw-r--r--usr/src/common/openssl/ssl/ssl_lib.c2
3 files changed, 4 insertions, 3 deletions
diff --git a/usr/src/common/openssl/ssl/s2_clnt.c b/usr/src/common/openssl/ssl/s2_clnt.c
index 0c9e24d5c4..3288b5f013 100644
--- a/usr/src/common/openssl/ssl/s2_clnt.c
+++ b/usr/src/common/openssl/ssl/s2_clnt.c
@@ -520,7 +520,8 @@ static int get_server_hello(SSL *s)
CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
}
- if (s->session->peer != s->session->sess_cert->peer_key->x509)
+ if (s->session->sess_cert == NULL
+ || s->session->peer != s->session->sess_cert->peer_key->x509)
/* can't happen */
{
ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
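Review bot: The `/* can't happen */` comment kept under the widened condition is now misleading. The commit title ties this change to CVE-2006-4343, which suggests the `sess_cert == NULL` branch is reachable from what the peer sends. I would replace it with something like `/* sess_cert can be NULL after a malformed handshake; fail here rather than dereference it */`, with the wording adjusted once the exact trigger is confirmed, since it is not visible in this hunk. The second operand still reads `sess_cert->peer_key->x509` without checking `peer_key`, and whether `peer_key` is always set when `sess_cert` is non-NULL cannot be told from these lines, so that is worth verifying. The body of the `if` continues past the end of the hunk.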
diff --git a/usr/src/common/openssl/ssl/s3_srvr.c b/usr/src/common/openssl/ssl/s3_srvr.c
index f762480a02..a645126818 100644
--- a/usr/src/common/openssl/ssl/s3_srvr.c
+++ b/usr/src/common/openssl/ssl/s3_srvr.c
@@ -2017,7 +2017,7 @@ int ssl3_get_client_key_exchange(SSL *s)
if (kssl_ctx->client_princ)
{
- int len = strlen(kssl_ctx->client_princ);
+ size_t len = strlen(kssl_ctx->client_princ);
if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
{
s->session->krb5_client_princ_len = len;
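Review bot: With `len` now a `size_t`, the assignment `s->session->krb5_client_princ_len = len;` becomes an implicit narrowing conversion if the field is narrower than `size_t`. Its declaration is not visible here. The value is bounded by the `len < SSL_MAX_KRB5_PRINCIPAL_LENGTH` test just above, so the conversion looks safe. I would still say so in a short comment such as `/* len < SSL_MAX_KRB5_PRINCIPAL_LENGTH, so it fits the field */`, and cast to the field's type so `-Wconversion` builds stay quiet. A one-line note on why `len` is unsigned would also help: a very long principal must not turn into a negative `int` that slips past the bound check. The copy that uses `len` and the over-length branch are outside the hunk.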
diff --git a/usr/src/common/openssl/ssl/ssl_lib.c b/usr/src/common/openssl/ssl/ssl_lib.c
index dfc1bad52a..110655aeb2 100644
--- a/usr/src/common/openssl/ssl/ssl_lib.c
+++ b/usr/src/common/openssl/ssl/ssl_lib.c
@@ -1219,7 +1219,7 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
c=sk_SSL_CIPHER_value(sk,i);
for (cp=c->name; *cp; )
{
- if (len-- == 0)
+ if (len-- <= 0)
{
*p='\0';
return(buf);
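Review bot: The new `len-- <= 0` test stops the counter from wrapping, but it reserves no byte for the terminator. Assuming `p` starts at `buf` and each pass through the loop stores one character (neither is visible in this hunk), `len` characters are copied first, and `*p='\0'` then lands at `buf[len]`, one past a buffer of `len` bytes. A caller passing `len <= 0` also still gets a write through `*p`. I would keep one byte back with `if (len-- <= 1)` and reject unusable sizes before the loop with a guard such as `if (len < 2) return(NULL);`, after checking that callers tolerate a NULL return. The separator written between cipher names is outside the hunk and needs the same accounting.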