generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)

Browse Source
This commit is contained in:
Dr. Stephen Henson 2012-01-04 23:13:29 +00:00
parent 0cffb0cd3e
commit 4e44bd3650
2 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -269,6 +269,10 @@
Changes between 1.0.0e and 1.0.0f [xx XXX xxxx] Changes between 1.0.0e and 1.0.0f [xx XXX xxxx]
*) Clear bytes used for block padding of SSL 3.0 records.
(CVE-2011-4576)
[Adam Langley (Google)]
*) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
[Adam Langley (Google)] [Adam Langley (Google)]

3
ssl/s3_enc.c
View File

@ -512,6 +512,9 @@ int ssl3_enc(SSL *s, int send)
/* we need to add 'i-1' padding bytes */ /* we need to add 'i-1' padding bytes */
l+=i; l+=i;
/* the last of these zero bytes will be overwritten
* with the padding length. */
memset(&rec->input[rec->length], 0, i);
rec->length+=i; rec->length+=i;
rec->input[l-1]=(i-1); rec->input[l-1]=(i-1);
} }