faf0b8604a
With stream ciphers, add a check that there's enough room to read a MAC in the record. Without this check, subtracting the MAC length from the data length resulted in an integer underflow, causing the MAC calculation to try reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
3 lines
139 B
Text
3 lines
139 B
Text
Security
|
|
* Fix a buffer overread when parsing short TLS application data records in
|
|
null-cipher cipher suites. Credit to OSS-Fuzz.
|