diff options
author | bodo <bodo> | 2001-09-20 18:35:32 +0000 |
---|---|---|
committer | bodo <bodo> | 2001-09-20 18:35:32 +0000 |
commit | 1ab56a022ef5ce05daf0a14c67b45eae061853f1 (patch) | |
tree | a2099ed184be1973fcc3293e02d50d5c16574c98 /ssl/s2_pkt.c | |
parent | 4b90d3dc5a4de698974ff19c65cac6ac78041d2b (diff) | |
download | openssl-1ab56a022ef5ce05daf0a14c67b45eae061853f1.tar.gz |
Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured.
In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.
Diffstat (limited to 'ssl/s2_pkt.c')
-rw-r--r-- | ssl/s2_pkt.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c index 4340404b8..1bb0ef1e8 100644 --- a/ssl/s2_pkt.c +++ b/ssl/s2_pkt.c @@ -130,7 +130,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) unsigned char mac[MAX_MAC_SIZE]; unsigned char *p; int i; - unsigned int mac_size=0; + unsigned int mac_size; ssl2_read_again: if (SSL_in_init(s) && !s->in_handshake) @@ -235,17 +235,25 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek) /* Data portion */ if (s->s2->clear_text) { + mac_size = 0; s->s2->mac_data=p; s->s2->ract_data=p; - s->s2->pad_data=NULL; + if (s->s2->padding) + { + SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING); + return(-1); + } } else { mac_size=EVP_MD_size(s->read_hash); s->s2->mac_data=p; s->s2->ract_data= &p[mac_size]; - s->s2->pad_data= &p[mac_size+ - s->s2->rlength-s->s2->padding]; + if (s->s2->padding + mac_size > s->s2->rlength) + { + SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING); + return(-1); + } } s->s2->ract_data_length=s->s2->rlength; @@ -593,10 +601,8 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) s->s2->wact_data= &(s->s2->wbuf[3+mac_size]); /* we copy the data into s->s2->wbuf */ memcpy(s->s2->wact_data,buf,len); -#ifdef PURIFY if (p) - memset(&(s->s2->wact_data[len]),0,p); -#endif + memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */ if (!s->s2->clear_text) { |