diff options
author | Adam Langley <agl@chromium.org> | 2016-08-08 13:36:55 -0700 |
---|---|---|
committer | Adam Langley <agl@chromium.org> | 2016-08-08 13:36:55 -0700 |
commit | eea8723cd0d56398fc40d0337e9e730961c9c2fa (patch) | |
tree | e138ad2677c1b2a032b7719a27d3c1e404a142e3 /ssl | |
parent | 358558eba8a55e152d7ffcdf98cd561f46aeb9a3 (diff) | |
download | openssl-eea8723cd0d56398fc40d0337e9e730961c9c2fa.tar.gz |
Fix test of first of 255 CBC padding bytes.
Thanks to Peter Gijsels for pointing out that if a CBC record has 255
bytes of padding, the first was not being checked.
(This is an import of change 80842bdb from BoringSSL.)
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1431)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/record/ssl3_record.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index ad240bc52d..49c6756376 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -1149,9 +1149,9 @@ int tls1_cbc_remove_padding(const SSL *s, * maximum amount of padding possible. (Again, the length of the record * is public information so we can use it.) */ - to_check = 255; /* maximum amount of padding. */ - if (to_check > rec->length - 1) - to_check = rec->length - 1; + to_check = 256; /* maximum amount of padding, inc length byte. */ + if (to_check > rec->length) + to_check = rec->length; for (i = 0; i < to_check; i++) { unsigned char mask = constant_time_ge_8(padding_length, i); |