yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 10:21:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Fixed potential memory corruption on miscrafted client messages (found by Frama-C team at CEA LIST)

Browse source
This commit is contained in:
Paul Bakker 2012-04-05 12:07:34 +00:00
parent 6126481796
commit 452d532955
2 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog
View file

@ -22,6 +22,10 @@ Bugfix
* Fixed handling error in mpi_cmp_mpi() on longer B values (found by
Hui Dong)
Security
* Fixed potential memory corruption on miscrafted client messages (found by
Frama-C team at CEA LIST)
= Version 1.1.1 released on 2012-01-23
Bugfix
* Check for failed malloc() in ssl_set_hostname() and x509_get_entries()

7
library/ssl_tls.c
View file

@ -880,6 +880,13 @@ static int ssl_decrypt_buf( ssl_context *ssl )
/*
* Always compute the MAC (RFC4346, CBCTIME).
*/
if( ssl->in_msglen <= ssl->maclen + padlen )
{
SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
ssl->in_msglen, ssl->maclen, padlen ) );
return( POLARSSL_ERR_SSL_INVALID_MAC );
}
ssl->in_msglen -= ( ssl->maclen + padlen );
ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );