Fix SSL_BUFFER_LEN

2024-10-18 10:21:06 +00:00 · 2014-06-18 23:11:34 +02:00 · 2014-06-18 23:11:34 +02:00 · 08485cca81
parent 8920f69fef
commit 08485cca81
2 changed files with 8 additions and 4 deletions
--- a/6
+++ b/6
@ -34,9 +34,13 @@ Bugfix
   * Fix symlink command for cross compiling with CMake (found by Andre
     Heinecke)
   * Fix DER output of gen_key app (found by Gergely Budai)
-   * Very small packets were incorrectly rejected when truncated HMAC was in
+   * Very small records were incorrectly rejected when truncated HMAC was in
     use with some ciphersuites and versions (RC4 in all versions, CBC with
     versions < TLS 1.1).
+   * Very large records using more than 224 bytes of padding were incorrectly
+     rejected with CBC-based ciphersuites and TLS >= 1.1
+   * Very large records using less padding could cause a buffer overread of up
+     to 32 bytes with CBC-based ciphersuites and TLS >= 1.1

 = PolarSSL 1.3.7 released on 2014-05-02
 Features
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@ -258,8 +258,8 @@
 /* \} name SECTION: Module settings */

 /*
- * Allow an extra 301 bytes for the record header
- * and encryption overhead: counter (8) + header (5) + MAC (32) + padding (256)
+ * Allow an extra 301 bytes for the record header and encryption overhead:
+ * counter (8) + header (5) + IV(16) + MAC (48) + padding (256)
 * and allow for a maximum of 1024 of compression expansion if
 * enabled.
 */
@ -269,7 +269,7 @@
 #define SSL_COMPRESSION_ADD             0
 #endif

-#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 301)
+#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 333)

 #define SSL_EMPTY_RENEGOTIATION_INFO    0xFF   /**< renegotiation info ext */