1 files changed, 10 insertions, 4 deletions

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index df48245b2c..438d9eacbb 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -674,13 +674,14 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                          * So additionally check whether the cipher name found
                          * has the correct length. We can save a strlen() call:
                          * just checking for the '\0' at the right place is
-                         * sufficient, we have to strncmp() anyway.
+                         * sufficient, we have to strncmp() anyway. (We cannot
+                         * use strcmp(), because buf is not '\0' terminated.)
                          */
                          j = found = 0;
                          while (ca_list[j])
                                 {
-                                if ((ca_list[j]->name[buflen] == '\0') &&
-                                    !strncmp(buf, ca_list[j]->name, buflen))
+                                if (!strncmp(buf, ca_list[j]->name, buflen) &&
+                                    (ca_list[j]->name[buflen] == '\0'))
                                         {
                                         found = 1;
                                         break;
@@ -757,7 +758,12 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
          */
         if (rule_str == NULL) return(NULL);
 
-        if (init_ciphers) load_ciphers();
+        if (init_ciphers)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+                if (init_ciphers) load_ciphers();
+                CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+                }
 
         /*
          * To reduce the work to do we only want to process the compiled