Further tightened the padlen check to prevent underflow / overflow

This commit is contained in:
Paul Bakker 2014-03-26 14:06:55 +01:00
parent 76b8ab73cd
commit 91c61bc4fd
2 changed files with 6 additions and 5 deletions

View file

@ -32,6 +32,8 @@ Security
* Check notBefore timestamp of certificates and CRLs from the future. * Check notBefore timestamp of certificates and CRLs from the future.
* Forbid sequence number wrapping * Forbid sequence number wrapping
* Fixed possible buffer overflow with overlong PSK * Fixed possible buffer overflow with overlong PSK
* Possible remotely-triggered out-of-bounds memory access fixed (found by
TrustInSoft)
Bugfix Bugfix
* ecp_gen_keypair() does more tries to prevent failure because of * ecp_gen_keypair() does more tries to prevent failure because of

View file

@ -1626,16 +1626,15 @@ static int ssl_decrypt_buf( ssl_context *ssl )
/* /*
* Padding is guaranteed to be incorrect if: * Padding is guaranteed to be incorrect if:
* 1. padlen - 1 > ssl->in_msglen * 1. padlen >= ssl->in_msglen
* *
* 2. ssl->in_msglen + padlen > * 2. padding_idx > SSL_MAX_CONTENT_LEN
* SSL_MAX_CONTENT_LEN + 256 (max padding)
* *
* In both cases we reset padding_idx to a safe value (0) to * In both cases we reset padding_idx to a safe value (0) to
* prevent out-of-buffer reads. * prevent out-of-buffer reads.
*/ */
correct &= ( ssl->in_msglen >= padlen - 1 ); correct &= ( ssl->in_msglen >= padlen + 1 );
correct &= ( ssl->in_msglen + padlen <= SSL_MAX_CONTENT_LEN + 256 ); correct &= ( padding_idx <= SSL_MAX_CONTENT_LEN );
padding_idx *= correct; padding_idx *= correct;