Djam/openssl
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/openssl.git synced 2025-02-23 08:12:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
openssl/openssl-1.0.0d-CVE-2012-0050.diff

39 lines
1.1 KiB
Diff
Raw Permalink Blame History

http://cvs.openssl.org/chngview?cn=22037
--- ssl/d1_pkt.c 2012-01-29 10:39:58.000000000 +0000
+++ ssl/d1_pkt.c.oden 2012-01-29 10:39:45.000000000 +0000
@@ -376,6 +376,7 @@ dtls1_process_record(SSL *s)
unsigned int mac_size;
unsigned char md[EVP_MAX_MD_SIZE];
int decryption_failed_or_bad_record_mac = 0;
+ unsigned char *mac = NULL;
rr= &(s->s3->rrec);
@@ -447,19 +448,15 @@ printf("\n");
#endif
}
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
- if (rr->length < mac_size)
+ if (rr->length >= mac_size)
{
-#if 0 /* OK only for stream ciphers */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-#else
- decryption_failed_or_bad_record_mac = 1;
-#endif
+ rr->length -= mac_size;
+ mac = &rr->data[rr->length];
}
- rr->length-=mac_size;
+ else
+ rr->length = 0;
i=s->method->ssl3_enc->mac(s,md,0);
- if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+ if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
{
decryption_failed_or_bad_record_mac = 1;
}
Reference in a new issue View git blame Copy permalink