diff --git a/ChangeLog b/ChangeLog
index f6333911c..cf5897b4a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -32,6 +32,8 @@ Security
 * Check notBefore timestamp of certificates and CRLs from the future.
 * Forbid sequence number wrapping
 * Fixed possible buffer overflow with overlong PSK
+ * Possible remotely-triggered out-of-bounds memory access fixed (found by
+ TrustInSoft)
 Bugfix
 * ecp_gen_keypair() does more tries to prevent failure because of
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8c6042858..f38802dde 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1626,16 +1626,15 @@ static int ssl_decrypt_buf( ssl_context *ssl )
 /*
 * Padding is guaranteed to be incorrect if:
- * 1. padlen - 1 > ssl->in_msglen
+ * 1. padlen >= ssl->in_msglen
 *
- * 2. ssl->in_msglen + padlen >
- * SSL_MAX_CONTENT_LEN + 256 (max padding)
+ * 2. padding_idx > SSL_MAX_CONTENT_LEN
 *
 * In both cases we reset padding_idx to a safe value (0) to
 * prevent out-of-buffer reads.
 */
- correct &= ( ssl->in_msglen >= padlen - 1 );
- correct &= ( ssl->in_msglen + padlen <= SSL_MAX_CONTENT_LEN + 256 );
+ correct &= ( ssl->in_msglen >= padlen + 1 );
+ correct &= ( padding_idx <= SSL_MAX_CONTENT_LEN );
 padding_idx *= correct;
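Review bot: The new upper bound `correct &= ( padding_idx <= SSL_MAX_CONTENT_LEN );` looks stricter than the read it guards needs and may reject valid maximum-size records: if padding_idx is in_msglen minus padlen minus 1 and in_msglen still includes the MAC at this point (both are computed outside the hunk, so this is an inference), a record carrying SSL_MAX_CONTENT_LEN bytes of plaintext plus MAC plus one byte of padding puts padding_idx above SSL_MAX_CONTENT_LEN and gets flagged as bad padding. The old check allowed for that by bounding in_msglen + padlen against SSL_MAX_CONTENT_LEN + 256; the replacement should bound padding_idx against the slack the in_msg buffer actually has past SSL_MAX_CONTENT_LEN (content plus MAC), and a test decrypting a full-size record with minimal padding would catch the regression either way. Whichever bound is kept, the comment should say why it is sufficient, e.g. `* 2. padding_idx > SSL_MAX_CONTENT_LEN (the padding scan below reads up to 256 bytes past padding_idx, which must stay inside in_msg)`. ssl_decrypt_buf starts and ends outside the hunk.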