mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-21 01:15:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix test of first of 255 CBC padding bytes.

Browse Source 
Thanks to Peter Gijsels for pointing out that if a CBC record has 255
bytes of padding, the first was not being checked.

(This is an import of change 80842bdb from BoringSSL.)

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1431)
This commit is contained in:
Adam Langley 2016-08-08 13:36:55 -07:00
parent 358558eba8
commit eea8723cd0
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/record/ssl3_record.c
View File

@ -1149,9 +1149,9 @@ int tls1_cbc_remove_padding(const SSL *s,
* maximum amount of padding possible. (Again, the length of the record
* is public information so we can use it.)
*/
to_check = 255; /* maximum amount of padding. */
if (to_check > rec->length - 1)
to_check = rec->length - 1;
to_check = 256; /* maximum amount of padding, inc length byte. */
if (to_check > rec->length)
to_check = rec->length;
for (i = 0; i < to_check; i++) {
unsigned char mask = constant_time_ge_8(padding_length, i);