generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Don't crash when processing a zero-length, TLS >= 1.1 record.

Browse Source 
The previous CBC patch was bugged in that there was a path through enc()
in s3_pkt.c/d1_pkt.c which didn't set orig_len. orig_len would be left
at the previous value which could suggest that the packet was a
sufficient length when it wasn't.
(cherry picked from commit 6cb19b7681)
(cherry picked from commit 2c948c1bb218f4ae126e14fd3453d42c62b93235)

Conflicts:
	ssl/s3_enc.c
This commit is contained in:
Ben Laurie
2013-01-28 17:33:18 +00:00
committed by Dr. Stephen Henson
parent 2928cb4c82
commit b3a959a337
5 changed files with 25 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/s3_pkt.c
View File

@@ -352,8 +352,13 @@ again:
/* decrypt in place in 'rr->input' */
rr->data=rr->input;
rr->orig_len=rr->length;
enc_err = s->method->ssl3_enc->enc(s,0);
/* enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 1: if the padding is valid
* -1: if the padding is invalid */
if (enc_err == 0)
{
/* SSLerr() and ssl3_send_alert() have been called */