diff options
| author | Xavier Roche <xroche@users.noreply.github.com> | 2014-04-10 16:51:40 +0000 |
|---|---|---|
| committer | Xavier Roche <xroche@users.noreply.github.com> | 2014-04-10 16:51:40 +0000 |
| commit | c7b0023dd7fb100713851eef338a89c2c773375e (patch) | |
| tree | bbffd70fe8926fa20d0f10a1a5f8e83b9c01a9a9 | |
| parent | 70a44456fb484971228556c91a894a12b9e097a1 (diff) | |
Nope, Debian did not change the version number when fixing the bug :(
| -rw-r--r-- | src/htslib.c | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/src/htslib.c b/src/htslib.c index 81a769e..e3be90f 100644 --- a/src/htslib.c +++ b/src/htslib.c @@ -5081,21 +5081,17 @@ HTSEXT_API const char* hts_version(void) { } static int ssl_vulnerable(const char *version) { +#ifdef _WIN32 static const char *const match = "OpenSSL 1.0.1"; const size_t match_len = strlen(match); if (version != NULL && strncmp(version, match, match_len) == 0) { // CVE-2014-0160 // "OpenSSL 1.0.1g 7 Apr 2014" const char minor = version[match_len]; - return minor == ' ' - || ( - ( minor >= 'a' && minor <= 'f' ) - // do not choke on Debian flavors, for example - && version[match_len + 1] == ' ' - ); - } else { - return 0; + return minor == ' ' || ( minor >= 'a' && minor <= 'f' ); } +#endif + return 0; } static int hts_init_ok = 0; |