Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) [include sourc...
authorDr. Stephen Henson <steve@openssl.org>
Wed, 4 Jan 2012 15:38:54 +0000 (15:38 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 4 Jan 2012 15:38:54 +0000 (15:38 +0000)
ssl/s3_enc.c

index 58386e1ba03cac59d74b1e75c9d84888c51b0a54..b14597076d07ed9b3cfde4020ea3e47d2bc92fcd 100644 (file)
@@ -511,6 +511,9 @@ int ssl3_enc(SSL *s, int send)
 
                        /* we need to add 'i-1' padding bytes */
                        l+=i;
+                       /* the last of these zero bytes will be overwritten
+                        * with the padding length. */
+                       memset(&rec->input[rec->length], 0, i);
                        rec->length+=i;
                        rec->input[l-1]=(i-1);
                        }
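Review bot: The comment added above the `memset` says the last zero byte is overwritten with the padding length, but not why the padding is cleared at all, and that reason is the security-relevant part of the fix. Going by the commit title, the point is that SSL 3.0 padding bytes would otherwise carry whatever was previously in the record buffer onto the wire, so I would word it as `/* zero the padding so stale buffer contents are never sent; the last byte is then overwritten with the padding length. */`. The call also relies on running before `rec->length+=i`, since it uses the not-yet-incremented `rec->length` as the start of the padding; a short `/* must precede the length update */` would protect it against later reordering. Whether the buffer has room for `i` extra bytes is not visible here, because the body of ssl3_enc starts and ends outside the hunk.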