diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-01-18 18:14:56 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-01-18 18:14:56 +0000 |
commit | 2dc4b0dbe8368992801d56680137d3e582c276fc (patch) | |
tree | a0f9e989509edab0998108e38544dba3f4174fa7 /ssl | |
parent | 7b23c126e604dbc7e13bdf69b968ae9f8131a7fc (diff) |
Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
Thanks to Antonio Martin, Enterprise Secure Access Research and
Development, Cisco Systems, Inc. for discovering this bug and
preparing a fix. (CVE-2012-0050)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/d1_pkt.c | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index fdeaac8804..4dc091a20e 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -384,6 +384,7 @@ dtls1_process_record(SSL *s) unsigned int mac_size; unsigned char md[EVP_MAX_MD_SIZE]; int decryption_failed_or_bad_record_mac = 0; + unsigned char *mac = NULL; rr= &(s->s3->rrec); @@ -455,19 +456,15 @@ printf("\n"); #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ - if (rr->length < mac_size) + if (rr->length >= mac_size) { -#if 0 /* OK only for stream ciphers */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); - goto f_err; -#else - decryption_failed_or_bad_record_mac = 1; -#endif + rr->length -= mac_size; + mac = &rr->data[rr->length]; } - rr->length-=mac_size; + else + rr->length = 0; i=s->method->ssl3_enc->mac(s,md,0); - if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) + if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0) { decryption_failed_or_bad_record_mac = 1; } |