Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)

author: Dr. Stephen Henson <steve@openssl.org> 2012-01-04 23:16:15 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-01-04 23:16:15 +0000
commit: 27dfffd5b75ee1db114e32f6dc73e266513889c5 (patch)
tree: 6a006322ef5576786141a4415c735a8d688fd667 /ssl/s3_enc.c
parent: d0dc991c6228564212ace119440a9ac5f21578bc (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 0ddfe192bc..c5df2cb90a 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -512,6 +512,9 @@ int ssl3_enc(SSL *s, int send)
 
 			/* we need to add 'i-1' padding bytes */
 			l+=i;
+			/* the last of these zero bytes will be overwritten
+			 * with the padding length. */
+			memset(&rec->input[rec->length], 0, i);
 			rec->length+=i;
 			rec->input[l-1]=(i-1);
 			}
author	Dr. Stephen Henson <steve@openssl.org>	2012-01-04 23:16:15 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-01-04 23:16:15 +0000
commit	27dfffd5b75ee1db114e32f6dc73e266513889c5 (patch)
tree	6a006322ef5576786141a4415c735a8d688fd667 /ssl/s3_enc.c
parent	d0dc991c6228564212ace119440a9ac5f21578bc (diff)