Fix length checking for AEAD ciphersuites
This commit is contained in:
parent
312da33ef1
commit
5bad6afd8c
|
@ -23,6 +23,9 @@ Security
|
||||||
* Forbid sequence number wrapping
|
* Forbid sequence number wrapping
|
||||||
* Prevent potential NULL pointer dereference in ssl_read_record() (found by
|
* Prevent potential NULL pointer dereference in ssl_read_record() (found by
|
||||||
TrustInSoft)
|
TrustInSoft)
|
||||||
|
* Fix length checking for AEAD ciphersuites (found by Codenomicon).
|
||||||
|
It was possible to crash the server (and client) using crafted messages
|
||||||
|
when a GCM suite was chosen.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Fixed X.509 hostname comparison (with non-regular characters)
|
* Fixed X.509 hostname comparison (with non-regular characters)
|
||||||
|
|
|
@ -1254,6 +1254,9 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||||
size_t dec_msglen;
|
size_t dec_msglen;
|
||||||
unsigned char add_data[13];
|
unsigned char add_data[13];
|
||||||
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
|
int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||||
|
unsigned char taglen = 16;
|
||||||
|
unsigned char explicit_iv_len = ssl->transform_in->ivlen -
|
||||||
|
ssl->transform_in->fixed_ivlen;
|
||||||
|
|
||||||
#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
|
#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
|
||||||
if( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA256 ||
|
if( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA256 ||
|
||||||
|
@ -1261,11 +1264,16 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||||
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
|
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
|
||||||
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
|
||||||
{
|
{
|
||||||
dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
|
if( ssl->in_msglen < explicit_iv_len + taglen )
|
||||||
ssl->transform_in->fixed_ivlen );
|
{
|
||||||
dec_msglen -= 16;
|
SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) "
|
||||||
dec_msg = ssl->in_msg + ( ssl->transform_in->ivlen -
|
"+ taglen (%d)", ssl->in_msglen,
|
||||||
ssl->transform_in->fixed_ivlen );
|
explicit_iv_len, taglen ) );
|
||||||
|
return( POLARSSL_ERR_SSL_INVALID_MAC );
|
||||||
|
}
|
||||||
|
dec_msglen = ssl->in_msglen - explicit_iv_len - taglen;
|
||||||
|
|
||||||
|
dec_msg = ssl->in_msg + explicit_iv_len;
|
||||||
dec_msg_result = ssl->in_msg;
|
dec_msg_result = ssl->in_msg;
|
||||||
ssl->in_msglen = dec_msglen;
|
ssl->in_msglen = dec_msglen;
|
||||||
|
|
||||||
|
|
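Review bot: The SSL_DEBUG_MSG added in the second hunk of this file prints `ssl->in_msglen` with `%d`; if `in_msglen` is a `size_t` like `dec_msglen`, which is assigned to it a few lines later, that is a mismatched conversion specifier, so pass it as `(int) ssl->in_msglen` (the two `unsigned char` operands promote to `int`, so `%d` is fine for them). The guard itself reads as intended: a record shorter than explicit IV plus tag is now rejected before the subtraction that previously underflowed, and equality is still accepted, which permits an empty plaintext. The literal in `unsigned char taglen = 16;` is the GCM tag length this branch assumes (matching the removed `dec_msglen -= 16;`); a named constant would make that assumption visible. A one-line comment above the check, such as `/* The record must carry at least the explicit IV and the tag, otherwise the length arithmetic below underflows */`, would record the bug it closes. ssl_decrypt_buf begins and ends outside these hunks.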