Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)

diff --git a/CHANGES b/CHANGES
index 5e6fcbd6b320b826e41c3d7a95ef09bac4fb514a..ae0b41c84396a59fc3dc4eec4efbf141f8fe14af 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
 
+  *) Clear bytes used for block padding of SSL 3.0 records.
+     (CVE-2011-4576)
+     [Adam Langley (Google)]
+
   *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
      [Adam Langley (Google)]
  

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 1539a4ce1c5479a100e0fc718ba25e549947ec85..759231d9d4c0fc59a09aeda0292c8775cc0948b6 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -479,6 +479,9 @@ int ssl3_enc(SSL *s, int send)
 
                        /* we need to add 'i-1' padding bytes */
                        l+=i;
+                       /* the last of these zero bytes will be overwritten
+                        * with the padding length. */
+                       memset(&rec->input[rec->length], 0, i);
                        rec->length+=i;
                        rec->input[l-1]=(i-1);
                        }