diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-01-04 23:13:29 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-01-04 23:13:29 +0000 |
commit | 4e44bd3650b4ceda182de8978244b5b8dc6d0f5a (patch) | |
tree | 8369aefd4c8a5fc9984721255c7c4d34c109d2ef | |
parent | 0cffb0cd3e1ba8c016b92941eff172e17dbf6d4a (diff) | |
download | openssl-new-4e44bd3650b4ceda182de8978244b5b8dc6d0f5a.tar.gz |
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | ssl/s3_enc.c | 3 |
2 files changed, 7 insertions, 0 deletions
@@ -269,6 +269,10 @@ Changes between 1.0.0e and 1.0.0f [xx XXX xxxx] + *) Clear bytes used for block padding of SSL 3.0 records. + (CVE-2011-4576) + [Adam Langley (Google)] + *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619) [Adam Langley (Google)] diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 0ddfe192bc..c5df2cb90a 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -512,6 +512,9 @@ int ssl3_enc(SSL *s, int send) /* we need to add 'i-1' padding bytes */ l+=i; + /* the last of these zero bytes will be overwritten + * with the padding length. */ + memset(&rec->input[rec->length], 0, i); rec->length+=i; rec->input[l-1]=(i-1); } |