Commit 91c61bc4 authored by Paul Bakker's avatar Paul Bakker
Browse files

Further tightened the padlen check to prevent underflow / overflow

parent 76b8ab73
......@@ -32,6 +32,8 @@ Security
* Check notBefore timestamp of certificates and CRLs from the future.
* Forbid sequence number wrapping
* Fixed possible buffer overflow with overlong PSK
* Possible remotely-triggered out-of-bounds memory access fixed (found by
TrustInSoft)
Bugfix
* ecp_gen_keypair() does more tries to prevent failure because of
......
......@@ -1626,16 +1626,15 @@ static int ssl_decrypt_buf( ssl_context *ssl )
/*
* Padding is guaranteed to be incorrect if:
* 1. padlen - 1 > ssl->in_msglen
* 1. padlen >= ssl->in_msglen
*
* 2. ssl->in_msglen + padlen >
* SSL_MAX_CONTENT_LEN + 256 (max padding)
* 2. padding_idx > SSL_MAX_CONTENT_LEN
*
* In both cases we reset padding_idx to a safe value (0) to
* prevent out-of-buffer reads.
*/
correct &= ( ssl->in_msglen >= padlen - 1 );
correct &= ( ssl->in_msglen + padlen <= SSL_MAX_CONTENT_LEN + 256 );
correct &= ( ssl->in_msglen >= padlen + 1 );
correct &= ( padding_idx <= SSL_MAX_CONTENT_LEN );
padding_idx *= correct;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment