Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)

author Dr. Stephen Henson <steve@openssl.org>

Wed, 4 Jan 2012 23:13:29 +0000 (23:13 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 4 Jan 2012 23:13:29 +0000 (23:13 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 4 Jan 2012 23:13:29 +0000 (23:13 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 4 Jan 2012 23:13:29 +0000 (23:13 +0000)
diff --git a/CHANGES b/CHANGES

index d492b2e95e3a4aff7821bd7b5cd3ae80aab4f008..76e12f9e32dcf125822263538d8b5f4be470caed 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -269,6 +269,10 @@
  
   Changes between 1.0.0e and 1.0.0f [xx XXX xxxx]
  
+  *) Clear bytes used for block padding of SSL 3.0 records.
+     (CVE-2011-4576)
+     [Adam Langley (Google)]
+
    *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
       [Adam Langley (Google)]
  
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c

index 0ddfe192bc60748e41720c528a93de2622c9bed2..c5df2cb90ae1c34db4bda00773466ad041b32383 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -512,6 +512,9 @@ int ssl3_enc(SSL *s, int send)
  
                         /* we need to add 'i-1' padding bytes */
                         l+=i;
+                       /* the last of these zero bytes will be overwritten
+                        * with the padding length. */
+                       memset(&rec->input[rec->length], 0, i);
                         rec->length+=i;
                         rec->input[l-1]=(i-1);
                         }
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 4 Jan 2012 23:13:29 +0000 (23:13 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 4 Jan 2012 23:13:29 +0000 (23:13 +0000)
CHANGES		patch \| blob \| history
ssl/s3_enc.c		patch \| blob \| history