From a54ce007e677ddd3a0cc4a3e4b47e823076117fa Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 27 Feb 2012 16:38:10 +0000 Subject: [PATCH] PR: 2739 Submitted by: Robin Seggelmann Fix padding bugs in Heartbeat support. --- ssl/d1_both.c | 3 ++- ssl/t1_lib.c | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 0a84f95711..48db246424 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1478,8 +1478,9 @@ dtls1_process_heartbeat(SSL *s) *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); + bp += payload; /* Random padding */ - RAND_pseudo_bytes(p, padding); + RAND_pseudo_bytes(bp, padding); r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f28e0638ef..57d1107e40 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2467,7 +2467,10 @@ tls1_process_heartbeat(SSL *s) *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); - + bp += payload; + /* Random padding */ + RAND_pseudo_bytes(bp, padding); + r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); if (r >= 0 && s->msg_callback) -- 2.25.1