From eea8723cd0d56398fc40d0337e9e730961c9c2fa Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 8 Aug 2016 13:36:55 -0700 Subject: [PATCH] Fix test of first of 255 CBC padding bytes. MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Thanks to Peter Gijsels for pointing out that if a CBC record has 255 bytes of padding, the first was not being checked. (This is an import of change 80842bdb from BoringSSL.) Reviewed-by: Emilia Käsper Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1431) --- ssl/record/ssl3_record.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index ad240bc52d..49c6756376 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1149,9 +1149,9 @@ int tls1_cbc_remove_padding(const SSL *s, * maximum amount of padding possible. (Again, the length of the record * is public information so we can use it.) */ - to_check = 255; /* maximum amount of padding. */ - if (to_check > rec->length - 1) - to_check = rec->length - 1; + to_check = 256; /* maximum amount of padding, inc length byte. */ + if (to_check > rec->length) + to_check = rec->length; for (i = 0; i < to_check; i++) { unsigned char mask = constant_time_ge_8(padding_length, i); -- 2.25.1