Sanity check record length before skipping explicit IV in DTLS
to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333)
This commit is contained in:
Dr. Stephen Henson
parent
1e4406a854
commit
a969ca5cc8
8
CHANGES
8
CHANGES
@ -4,6 +4,14 @@
|
|||||||
|
|
||||||
Changes between 1.0.0i and 1.0.0j [xx XXX xxxx]
|
Changes between 1.0.0i and 1.0.0j [xx XXX xxxx]
|
||||||
|
|
||||||
|
*) Sanity check record length before skipping explicit IV in DTLS
|
||||||
|
to fix DoS attack.
|
||||||
|
|
||||||
|
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
|
||||||
|
fuzzing as a service testing platform.
|
||||||
|
(CVE-2012-2333)
|
||||||
|
[Steve Henson]
|
||||||
|
|
||||||
*) Initialise tkeylen properly when encrypting CMS messages.
|
*) Initialise tkeylen properly when encrypting CMS messages.
|
||||||
Thanks to Solar Designer of Openwall for reporting this issue.
|
Thanks to Solar Designer of Openwall for reporting this issue.
|
||||||
[Steve Henson]
|
[Steve Henson]
|
||||||
|
|||||||
@ -260,7 +260,7 @@ int dtls1_enc(SSL *s, int send)
|
|||||||
}
|
}
|
||||||
/* TLS 1.0 does not bound the number of padding bytes by the block size.
|
/* TLS 1.0 does not bound the number of padding bytes by the block size.
|
||||||
* All of them must have value 'padding_length'. */
|
* All of them must have value 'padding_length'. */
|
||||||
if (i > (int)rec->length)
|
if (i + bs > (int)rec->length)
|
||||||
{
|
{
|
||||||
/* Incorrect padding. SSLerr() and ssl3_alert are done
|
/* Incorrect padding. SSLerr() and ssl3_alert are done
|
||||||
* by caller: we don't want to reveal whether this is
|
* by caller: we don't want to reveal whether this is
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user