From 27dfffd5b75ee1db114e32f6dc73e266513889c5 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 4 Jan 2012 23:16:15 +0000 Subject: [PATCH] Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) --- CHANGES | 4 ++++ ssl/s3_enc.c | 3 +++ 2 files changed, 7 insertions(+) diff --git a/CHANGES b/CHANGES index 04b14bda8c..176b649453 100644 --- a/CHANGES +++ b/CHANGES @@ -523,6 +523,10 @@ Changes between 1.0.0e and 1.0.0f [xx XXX xxxx] + *) Clear bytes used for block padding of SSL 3.0 records. + (CVE-2011-4576) + [Adam Langley (Google)] + *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) [Adam Langley (Google)] diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 0ddfe192bc..c5df2cb90a 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -512,6 +512,9 @@ int ssl3_enc(SSL *s, int send) /* we need to add 'i-1' padding bytes */ l+=i; + /* the last of these zero bytes will be overwritten + * with the padding length. */ + memset(&rec->input[rec->length], 0, i); rec->length+=i; rec->input[l-1]=(i-1); } -- 2.25.1