yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-06-16 14:40:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Potential buffer-overflow for ssl_read_record()

Browse source
This commit is contained in:
Paul Bakker 2013-09-11 13:16:28 +02:00
parent 3f5b753654
commit 8648f04e47
2 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog
View file

@ -1,5 +1,10 @@
PolarSSL ChangeLog PolarSSL ChangeLog
= Branch 1.1
Security
* Potential buffer-overflow for ssl_read_record() (independently found by
both TrustInSoft and Paul Brodeur of Leviathan Security Group)
= Version 1.1.7 released on 2013-06-19 = Version 1.1.7 released on 2013-06-19
Changes Changes
* HAVEGE random generator disabled by default * HAVEGE random generator disabled by default

2
library/ssl_tls.c
View file

@ -1159,7 +1159,7 @@ int ssl_read_record( ssl_context *ssl )
/* /*
* TLS encrypted messages can have up to 256 bytes of padding * TLS encrypted messages can have up to 256 bytes of padding
*/ */
if( ssl->minor_ver == SSL_MINOR_VERSION_1 && if( ssl->minor_ver >= SSL_MINOR_VERSION_1 &&
ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN + 256 ) ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN + 256 )
{ {
SSL_DEBUG_MSG( 1, ( "bad message length" ) ); SSL_DEBUG_MSG( 1, ( "bad message length" ) );