TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 91c61bc4fd815f689b499f849b3baf828c0f8490^! / .
commit91c61bc4fd815f689b499f849b3baf828c0f8490[log] [tgz]
authorPaul Bakker <p.j.bakker@polarssl.org>Wed Mar 26 14:06:55 2014 +0100
committerPaul Bakker <p.j.bakker@polarssl.org>Wed Mar 26 15:14:20 2014 +0100
tree4cbd9635488cdb85cf32007632d532d4b30001c6
parent76b8ab73cd09459805f76ac01ec3fec984d6f8d0 [diff]
Further tightened the padlen check to prevent underflow / overflow

diff --git a/ChangeLog b/ChangeLog
index f633391..cf5897b 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -32,6 +32,8 @@
    * Check notBefore timestamp of certificates and CRLs from the future.
    * Forbid sequence number wrapping
    * Fixed possible buffer overflow with overlong PSK
+   * Possible remotely-triggered out-of-bounds memory access fixed (found by
+     TrustInSoft)
 
 Bugfix
    * ecp_gen_keypair() does more tries to prevent failure because of

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8c60428..f38802d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -1626,16 +1626,15 @@
 
             /*
              * Padding is guaranteed to be incorrect if:
-             *   1. padlen - 1 > ssl->in_msglen
+             *   1. padlen >= ssl->in_msglen
              *
-             *   2. ssl->in_msglen + padlen >
-             *        SSL_MAX_CONTENT_LEN + 256 (max padding)
+             *   2. padding_idx > SSL_MAX_CONTENT_LEN
              *
              * In both cases we reset padding_idx to a safe value (0) to
              * prevent out-of-buffer reads.
              */
-            correct &= ( ssl->in_msglen >= padlen - 1 );
-            correct &= ( ssl->in_msglen + padlen <= SSL_MAX_CONTENT_LEN + 256 );
+            correct &= ( ssl->in_msglen >= padlen + 1 );
+            correct &= ( padding_idx <= SSL_MAX_CONTENT_LEN );
 
             padding_idx *= correct;