From: Dr. Stephen Henson Date: Wed, 4 Jan 2012 18:54:17 +0000 (+0000) Subject: Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) X-Git-Tag: OpenSSL_0_9_8s~6 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=e643112dd8166ec64885d22b147ff17b206941b8;p=oweals%2Fopenssl.git Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) --- diff --git a/CHANGES b/CHANGES index 5e6fcbd6b3..ae0b41c843 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.8r and 0.9.8s [xx XXX xxxx] + *) Clear bytes used for block padding of SSL 3.0 records. + (CVE-2011-4576) + [Adam Langley (Google)] + *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) [Adam Langley (Google)] diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 1539a4ce1c..759231d9d4 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -479,6 +479,9 @@ int ssl3_enc(SSL *s, int send) /* we need to add 'i-1' padding bytes */ l+=i; + /* the last of these zero bytes will be overwritten + * with the padding length. */ + memset(&rec->input[rec->length], 0, i); rec->length+=i; rec->input[l-1]=(i-1); }