From: Dr. Stephen Henson <steve@openssl.org>
Date: Mon, 27 Feb 2012 16:38:10 +0000 (+0000)
Subject: PR: 2739
X-Git-Tag: OpenSSL_1_0_1~23
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a54ce007e677ddd3a0cc4a3e4b47e823076117fa;p=oweals%2Fopenssl.git

PR: 2739
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix padding bugs in Heartbeat support.
---

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 0a84f95711..48db246424 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1478,8 +1478,9 @@ dtls1_process_heartbeat(SSL *s)
 		*bp++ = TLS1_HB_RESPONSE;
 		s2n(payload, bp);
 		memcpy(bp, pl, payload);
+		bp += payload;
 		/* Random padding */
-		RAND_pseudo_bytes(p, padding);
+		RAND_pseudo_bytes(bp, padding);
 
 		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
 
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index f28e0638ef..57d1107e40 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2467,7 +2467,10 @@ tls1_process_heartbeat(SSL *s)
 		*bp++ = TLS1_HB_RESPONSE;
 		s2n(payload, bp);
 		memcpy(bp, pl, payload);
-		
+		bp += payload;
+		/* Random padding */
+		RAND_pseudo_bytes(bp, padding);
+
 		r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
 
 		if (r >= 0 && s->msg_callback)