Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites In case full SSL frames arrived, they were rejected because an overly strict padding check.

commit: 61885c7f7f036d67a16f6730525377db3bb95324 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Fri Apr 25 12:59:03 2014 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Fri Apr 25 12:59:51 2014 +0200
tree: 7654e0a16afef2f169053fb069a6cafe5f68620c
parent: fdba46885b0cc849d0ce061878676f9a1fbe7efd [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 116bc5c..271bfe6 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -1633,13 +1633,15 @@
              * Padding is guaranteed to be incorrect if:
              *   1. padlen >= ssl->in_msglen
              *
-             *   2. padding_idx > SSL_MAX_CONTENT_LEN
+             *   2. padding_idx >= SSL_MAX_CONTENT_LEN +
+             *                     ssl->transform_in->maclen
              *
              * In both cases we reset padding_idx to a safe value (0) to
              * prevent out-of-buffer reads.
              */
             correct &= ( ssl->in_msglen >= padlen + 1 );
-            correct &= ( padding_idx <= SSL_MAX_CONTENT_LEN );
+            correct &= ( padding_idx < SSL_MAX_CONTENT_LEN +
+                                       ssl->transform_in->maclen );
 
             padding_idx *= correct;
commit	61885c7f7f036d67a16f6730525377db3bb95324	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Fri Apr 25 12:59:03 2014 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Fri Apr 25 12:59:51 2014 +0200
tree	7654e0a16afef2f169053fb069a6cafe5f68620c
parent	fdba46885b0cc849d0ce061878676f9a1fbe7efd [diff] [blame]