diff options
| author | wtc%google.com <devnull@localhost> | 2010-06-24 19:53:20 +0000 |
|---|---|---|
| committer | wtc%google.com <devnull@localhost> | 2010-06-24 19:53:20 +0000 |
| commit | 6d6fb30c69f84c971d7244d716a02fb75fdf61f8 (patch) | |
| tree | 6276f1a5cecbe9319066b7401341b5f8fdf2c93b | |
| parent | 044edca93d72df4a3d8883cd7673e8ced8fc14b1 (diff) | |
| download | nss-hg-6d6fb30c69f84c971d7244d716a02fb75fdf61f8.tar.gz | |
Bug 571797: do not check block cipher padding if decryption failed. TheNSS_3_12_7_BETA
patch is contributed by Brian Smith <brian@briansmith.org>. r=wtc.
| -rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 183d72b4d..7a7bc1043 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -8886,7 +8886,7 @@ const ssl3BulkCipherDef *cipher_def; } /* If it's a block cipher, check and strip the padding. */ - if (cipher_def->type == type_block) { + if (cipher_def->type == type_block && !padIsBad) { PRUint8 * pPaddingLen = plaintext->buf + plaintext->len - 1; padding_length = *pPaddingLen; /* TLS permits padding to exceed the block size, up to 255 bytes. */ |