From 36dd4cba3dfa87aebd59d10c844fdda3a31b89db Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Thu, 10 May 2012 14:33:11 +0000
Subject: Sanity check record length before skipping explicit IV in DTLS to fix
 DoS attack.

Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
---
 ssl/d1_enc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ssl')

diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
index bb96c8a20c..baa75f9186 100644
--- a/ssl/d1_enc.c
+++ b/ssl/d1_enc.c
@@ -249,7 +249,7 @@ int dtls1_enc(SSL *s, int send)
 				}
 			/* TLS 1.0 does not bound the number of padding bytes by the block size.
 			 * All of them must have value 'padding_length'. */
-			if (i > (int)rec->length)
+			if (i + bs > (int)rec->length)
 				{
 				/* Incorrect padding. SSLerr() and ssl3_alert are done
 				 * by caller: we don't want to reveal whether this is
-- 
cgit v1.2.3