Further tightened the padlen check to prevent underflow / overflow

91c61bc4 · Paul Bakker · 76b8ab73 · 91c61bc4 · 91c61bc4
Commit 91c61bc4 authored Mar 26, 2014 by Paul Bakker
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 5 deletions

ChangeLog ChangeLog +2 -0

library/ssl_tls.c library/ssl_tls.c +4 -5

No files found.
--- a/ChangeLog
+++ b/ChangeLog
@@ -32,6 +32,8 @@ Security
   * Check notBefore timestamp of certificates and CRLs from the future.
   * Forbid sequence number wrapping
   * Fixed possible buffer overflow with overlong PSK
+   * Possible remotely-triggered out-of-bounds memory access fixed (found by
+     TrustInSoft)

 Bugfix
   * ecp_gen_keypair() does more tries to prevent failure because of

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1626,16 +1626,15 @@ static int ssl_decrypt_buf( ssl_context *ssl )

            /*
             * Padding is guaranteed to be incorrect if:
-             *   1. padlen - 1 > ssl->in_msglen
+             *   1. padlen >= ssl->in_msglen
             *
-             *   2. ssl->in_msglen + padlen >
-             *        SSL_MAX_CONTENT_LEN + 256 (max padding)
+             *   2. padding_idx > SSL_MAX_CONTENT_LEN
             *
             * In both cases we reset padding_idx to a safe value (0) to
             * prevent out-of-buffer reads.
             */
-            correct &= ( ssl->in_msglen >= padlen - 1 );
-            correct &= ( ssl->in_msglen + padlen <= SSL_MAX_CONTENT_LEN + 256 );
+            correct &= ( ssl->in_msglen >= padlen + 1 );
+            correct &= ( padding_idx <= SSL_MAX_CONTENT_LEN );

            padding_idx *= correct;