Sanity check record length before skipping explicit IV in DTLS

to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333)
2012-05-10 14:33:11 +00:00 · 2012-05-10 14:33:11 +00:00 · 36dd4cba3d
commit 36dd4cba3d
parent 3978429ad5
2 changed files with 9 additions and 1 deletions
--- a/8
+++ b/8
@ -4,6 +4,14 @@

 Changes between 0.9.8w and 0.9.8x [xx XXX xxxx]

+  *) Sanity check record length before skipping explicit IV in DTLS
+     to fix DoS attack.
+
+     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+     fuzzing as a service testing platform.
+     (CVE-2012-2333)
+     [Steve Henson]
+
  *) Initialise tkeylen properly when encrypting CMS messages.
     Thanks to Solar Designer of Openwall for reporting this issue.
     [Steve Henson]
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@ -249,7 +249,7 @@ int dtls1_enc(SSL *s, int send)
 				}
 			/* TLS 1.0 does not bound the number of padding bytes by the block size.
 			 * All of them must have value 'padding_length'. */
-			if (i > (int)rec->length)
+			if (i + bs > (int)rec->length)
 				{
 				/* Incorrect padding. SSLerr() and ssl3_alert are done
 				 * by caller: we don't want to reveal whether this is