From 34e1ccecb4a7d5054dba2f92b403af9b6ae1e110 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Thu, 27 Aug 2015 13:06:46 -0400
Subject: Correctly handle disabled ciphers

A cipher value could be -1, 0 or 1 meaning completely disabled, disabled and enabled. A -1 passed to SSL_CipherPrefSet() could cause a cipher to actually be enabled. Now pass PR_TRUE if the cipher is enabled otherwise pass PR_FALSE.

Fix CVE-2015-5244
---
 nss_engine_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nss_engine_init.c')

diff --git a/nss_engine_init.c b/nss_engine_init.c
index 23653dd..4d82f53 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
@@ -987,7 +987,7 @@ static void nss_init_ctx_cipher_suite(server_rec *s,
 /* Finally actually enable the selected ciphers */
 for (i=0; imodel, ciphers_def[i].num, cipher_state[i]);
+ SSL_CipherPrefSet(mctx->model, ciphers_def[i].num, cipher_state[i] == 1 ? PR_TRUE : PR_FALSE);
 }
 }
--
cgit
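Review bot: The SECStatus returned by SSL_CipherPrefSet on the added line is discarded, so a suite the configuration marks disabled can silently remain in whatever state the model socket already had, and nothing in the log would show it; this matters more now that this call is the only place the three-valued cipher_state is collapsed to a PRBool. Check the result and log the failing entry, e.g. `if (SSL_CipherPrefSet(mctx->model, ciphers_def[i].num, cipher_state[i] == 1 ? PR_TRUE : PR_FALSE) != SECSuccess)` followed by `ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSL_CipherPrefSet failed for cipher entry %d: %d", i, PR_GetError());` (assuming ap_log_error is the logging path used elsewhere in this file; s is the server_rec from the signature in the hunk header, and the format specifier for the entry depends on the type of ciphers_def[i].num, which is not visible here). The bare `== 1` also deserves a one-line comment so the encoding described in the commit message survives at the call site: `/* cipher_state[i] is -1 (not available), 0 (disabled) or 1 (enabled); only 1 may enable */`. The body of nss_init_ctx_cipher_suite starts before the hunk, and the removed line is garbled in this rendering, so the old call is only partly visible.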