From a969ca5cc81ad49fe2457b3b951d367e7bc726b7 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 10 May 2012 14:44:20 +0000 Subject: [PATCH] Sanity check record length before skipping explicit IV in DTLS to fix DoS attack. Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic fuzzing as a service testing platform. (CVE-2012-2333) --- CHANGES | 8 ++++++++ ssl/d1_enc.c | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 3b78496bf2..549dd041ce 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Changes between 1.0.0i and 1.0.0j [xx XXX xxxx] + *) Sanity check record length before skipping explicit IV in DTLS + to fix DoS attack. + + Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic + fuzzing as a service testing platform. + (CVE-2012-2333) + [Steve Henson] + *) Initialise tkeylen properly when encrypting CMS messages. Thanks to Solar Designer of Openwall for reporting this issue. [Steve Henson] diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c index becbab91c2..07a5e97ce5 100644 --- a/ssl/d1_enc.c +++ b/ssl/d1_enc.c @@ -260,7 +260,7 @@ int dtls1_enc(SSL *s, int send) } /* TLS 1.0 does not bound the number of padding bytes by the block size. * All of them must have value 'padding_length'. */ - if (i > (int)rec->length) + if (i + bs > (int)rec->length) { /* Incorrect padding. SSLerr() and ssl3_alert are done * by caller: we don't want to reveal whether this is -- 2.25.1