Further tightened the padlen check to prevent underflow / overflow

This commit is contained in:
Paul Bakker 2014-03-26 14:06:55 +01:00
parent 76b8ab73cd
commit 91c61bc4fd
2 changed files with 6 additions and 5 deletions

View file

@ -32,6 +32,8 @@ Security
* Check notBefore timestamp of certificates and CRLs from the future.
* Forbid sequence number wrapping
* Fixed possible buffer overflow with overlong PSK
* Possible remotely-triggered out-of-bounds memory access fixed (found by
TrustInSoft)
Bugfix
* ecp_gen_keypair() does more tries to prevent failure because of

View file

@ -1626,16 +1626,15 @@ static int ssl_decrypt_buf( ssl_context *ssl )
/*
* Padding is guaranteed to be incorrect if:
* 1. padlen - 1 > ssl->in_msglen
* 1. padlen >= ssl->in_msglen
*
* 2. ssl->in_msglen + padlen >
* SSL_MAX_CONTENT_LEN + 256 (max padding)
* 2. padding_idx > SSL_MAX_CONTENT_LEN
*
* In both cases we reset padding_idx to a safe value (0) to
* prevent out-of-buffer reads.
*/
correct &= ( ssl->in_msglen >= padlen - 1 );
correct &= ( ssl->in_msglen + padlen <= SSL_MAX_CONTENT_LEN + 256 );
correct &= ( ssl->in_msglen >= padlen + 1 );
correct &= ( padding_idx <= SSL_MAX_CONTENT_LEN );
padding_idx *= correct;