From 4e44bd3650b4ceda182de8978244b5b8dc6d0f5a Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 4 Jan 2012 23:13:29 +0000
Subject: Clear bytes used for block padding of SSL 3.0 records.
 (CVE-2011-4576)

---
 ssl/s3_enc.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'ssl/s3_enc.c')

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 0ddfe192bc..c5df2cb90a 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -512,6 +512,9 @@ int ssl3_enc(SSL *s, int send)
 
 			/* we need to add 'i-1' padding bytes */
 			l+=i;
+			/* the last of these zero bytes will be overwritten
+			 * with the padding length. */
+			memset(&rec->input[rec->length], 0, i);
 			rec->length+=i;
 			rec->input[l-1]=(i-1);
 			}
-- 
cgit v1.2.3