From 08485cca81a1a86577489d04875370690027a7cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 18 Jun 2014 23:11:34 +0200 Subject: [PATCH] Fix SSL_BUFFER_LEN --- ChangeLog | 6 +++++- include/polarssl/ssl.h | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index ae1a57273..e554f8d61 100644 --- a/ChangeLog +++ b/ChangeLog @@ -34,9 +34,13 @@ Bugfix * Fix symlink command for cross compiling with CMake (found by Andre Heinecke) * Fix DER output of gen_key app (found by Gergely Budai) - * Very small packets were incorrectly rejected when truncated HMAC was in + * Very small records were incorrectly rejected when truncated HMAC was in use with some ciphersuites and versions (RC4 in all versions, CBC with versions < TLS 1.1). + * Very large records using more than 224 bytes of padding were incorrectly + rejected with CBC-based ciphersuites and TLS >= 1.1 + * Very large records using less padding could cause a buffer overread of up + to 32 bytes with CBC-based ciphersuites and TLS >= 1.1 = PolarSSL 1.3.7 released on 2014-05-02 Features diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 21ed42ead..91e398144 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -258,8 +258,8 @@ /* \} name SECTION: Module settings */ /* - * Allow an extra 301 bytes for the record header - * and encryption overhead: counter (8) + header (5) + MAC (32) + padding (256) + * Allow an extra 301 bytes for the record header and encryption overhead: + * counter (8) + header (5) + IV(16) + MAC (48) + padding (256) * and allow for a maximum of 1024 of compression expansion if * enabled. */ @@ -269,7 +269,7 @@ #define SSL_COMPRESSION_ADD 0 #endif -#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 301) +#define SSL_BUFFER_LEN (SSL_MAX_CONTENT_LEN + SSL_COMPRESSION_ADD + 333) #define SSL_EMPTY_RENEGOTIATION_INFO 0xFF /**< renegotiation info ext */