authorRob Crittenden <rcritten@redhat.com>2015-08-27 13:06:46 -0400
committerRob Crittenden <rcritten@redhat.com>2015-10-02 16:51:19 -0400
commit34e1ccecb4a7d5054dba2f92b403af9b6ae1e110 (patch)
treec1852d3acc7ee28fed82972c5cdb39bbac0ad21a /nss_engine_init.c
parent696fab562ce0ee31344bcccc85cea3e4eb15bf18 (diff)
Correctly handle disabled ciphers
A cipher value can be -1, 0 or 1, meaning completely disabled, disabled and enabled, respectively. Passing -1 to SSL_CipherPrefSet() could cause a cipher to actually be enabled. Now pass PR_TRUE if the cipher is enabled; otherwise pass PR_FALSE. Fix CVE-2015-5244
Diffstat (limited to 'nss_engine_init.c')
-rw-r--r--nss_engine_init.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/nss_engine_init.c b/nss_engine_init.c
index 23653dd..4d82f53 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
@@ -987,7 +987,7 @@ static void nss_init_ctx_cipher_suite(server_rec *s,
/* Finally actually enable the selected ciphers */
for (i=0; i<ciphernum;i++) {
- SSL_CipherPrefSet(mctx->model, ciphers_def[i].num, cipher_state[i]);
+ SSL_CipherPrefSet(mctx->model, ciphers_def[i].num, cipher_state[i] == 1 ? PR_TRUE : PR_FALSE);
}
}
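Review bot: The return value of SSL_CipherPrefSet() is still discarded in this loop, so if NSS rejects a preference change for a suite that is meant to be off, startup continues with that suite in whatever state the model socket already had. Since this loop is where the configured cipher policy is applied, compare the result with `SECSuccess` and at least log the affected suite through `ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, ...)`; whether startup should abort instead depends on code outside the hunk. A short comment above the call, such as `/* cipher_state: -1 = completely disabled, 0 = disabled, 1 = enabled; only 1 may enable */`, would keep the tri-state from being passed through as a PRBool again. nss_init_ctx_cipher_suite begins above this hunk, so how cipher_state is filled is not visible here.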