PR: 2739

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix padding bugs in Heartbeat support.
author: steve <steve> 2012-02-27 16:38:24 +0000
committer: steve <steve> 2012-02-27 16:38:24 +0000
commit: 17fc4b403e758648b08147f6b2bb414c422c6d73 (patch)
tree: 5af355e9492d32bc50d4a5a4d2de5e9aae7de692
parent: 77764c6ddeb223d3e083c004130fc8c7133bb212 (diff)
download: openssl-17fc4b403e758648b08147f6b2bb414c422c6d73.tar.gz
2 files changed, 6 insertions, 2 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index b96e34f2e..5c47c7c19 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1422,8 +1422,9 @@ dtls1_process_heartbeat(SSL *s)
 		*bp++ = TLS1_HB_RESPONSE;
 		s2n(payload, bp);
 		memcpy(bp, pl, payload);
+		bp += payload;
 		/* Random padding */
-		RAND_pseudo_bytes(p, padding);
+		RAND_pseudo_bytes(bp, padding);
 
 		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
 
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index f2e6b7cab..9c76da112 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2467,7 +2467,10 @@ tls1_process_heartbeat(SSL *s)
 		*bp++ = TLS1_HB_RESPONSE;
 		s2n(payload, bp);
 		memcpy(bp, pl, payload);
-		
+		bp += payload;
+		/* Random padding */
+		RAND_pseudo_bytes(bp, padding);
+
 		r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
 
 		if (r >= 0 && s->msg_callback)
author	steve <steve>	2012-02-27 16:38:24 +0000
committer	steve <steve>	2012-02-27 16:38:24 +0000
commit	17fc4b403e758648b08147f6b2bb414c422c6d73 (patch)
tree	5af355e9492d32bc50d4a5a4d2de5e9aae7de692
parent	77764c6ddeb223d3e083c004130fc8c7133bb212 (diff)
download	openssl-17fc4b403e758648b08147f6b2bb414c422c6d73.tar.gz