author | Xavier Roche <xroche@users.noreply.github.com> | 2014-04-10 16:45:13 +0000 |
---|---|---|
committer | Xavier Roche <xroche@users.noreply.github.com> | 2014-04-10 16:45:13 +0000 |
commit | 70a44456fb484971228556c91a894a12b9e097a1 (patch) | |
tree | 73570ba09123917c9a32f53002185db6a7cbea28 /src | |
parent | dce3642432873f18e3ae557d27d715fb52608689 (diff) |
Groumph, version is not a reliable way to detect heartbleed.
Diffstat (limited to 'src')
-rw-r--r-- | src/htslib.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/htslib.c b/src/htslib.c
index ce2bcc5..81a769e 100644
--- a/src/htslib.c
+++ b/src/htslib.c
@@ -5087,7 +5087,12 @@ static int ssl_vulnerable(const char *version) {
 // CVE-2014-0160
 // "OpenSSL 1.0.1g 7 Apr 2014"
 const char minor = version[match_len];
- return minor == ' ' || ( minor >= 'a' && minor <= 'f' );
+ return minor == ' '
+ || (
+ ( minor >= 'a' && minor <= 'f' )
+ // do not choke on Debian flavors, for example
+ && version[match_len + 1] == ' '
+ );
 } else {
 return 0;
 } |
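Review bot: The added `&& version[match_len + 1] == ' '` clause makes the check fail open. Any build string where the patch letter is followed by something other than a space now returns 0, whether or not that distributor build actually carries the CVE-2014-0160 fix. Callers are outside the hunk, but if any of them treats 0 as "safe", that assumption no longer holds. I would document this next to the existing comment, for example `// NOTE: a suffixed build string yields 0 = "not recognised", not "patched"; the version string alone cannot prove the fix`. The extra index read itself looks in-bounds, since it is only evaluated when `minor` is a letter and therefore not the terminating NUL. The start of `ssl_vulnerable` and the definition of `match_len` are outside the hunk, so the prefix being matched could not be checked here.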