From 61885c7f7f036d67a16f6730525377db3bb95324 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Fri, 25 Apr 2014 12:59:03 +0200
Subject: [PATCH] Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites
In case full SSL frames arrived, they were rejected because an overly strict padding check.
---
 ChangeLog | 2 ++
 library/ssl_tls.c | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d58df3a37..1d3277cc7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,8 @@ Bugfix
 * Typos in platform.c and pkcs11.c (found by Daniel Phillips and Steffan Karger)
 * cert_write app should use subject of issuer certificate as issuer of cert
+ * Fix false reject in padding check in ssl_decrypt_buf() for CBC
+ ciphersuites, for full SSL frames of data.
 = PolarSSL 1.3.6 released on 2014-04-11
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 116bc5cf4..271bfe605 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1633,13 +1633,15 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 * Padding is guaranteed to be incorrect if:
 * 1. padlen >= ssl->in_msglen
 *
- * 2. padding_idx > SSL_MAX_CONTENT_LEN
+ * 2. padding_idx >= SSL_MAX_CONTENT_LEN +
+ * ssl->transform_in->maclen
 *
 * In both cases we reset padding_idx to a safe value (0) to
 * prevent out-of-buffer reads.
 */
 correct &= ( ssl->in_msglen >= padlen + 1 );
- correct &= ( padding_idx <= SSL_MAX_CONTENT_LEN );
+ correct &= ( padding_idx < SSL_MAX_CONTENT_LEN +
+ ssl->transform_in->maclen );
 padding_idx *= correct;
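Review bot: The new upper bound in the second `correct &=` line is not tied to the size of the buffer it guards, so a reader cannot check from this code that the comment's promise of no out-of-buffer reads still holds once `padding_idx` may reach `SSL_MAX_CONTENT_LEN + ssl->transform_in->maclen - 1`. The padding scan that uses `padding_idx` lies outside the hunk, as do the start and end of `ssl_decrypt_buf()`, so whether the input buffer leaves room for the MAC plus the longest padding above that index should be confirmed and stated. I would extend item 2 of the comment with something like `* (a full record carries SSL_MAX_CONTENT_LEN bytes of data plus the MAC before the padding; the input buffer must cover padding_idx plus the longest padding read)`. A regression case with a maximum-size CBC record would also pin the false reject this commit fixes.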