when block padding is used, byte value 0 can never
be the final byte of the padded plain text, the only
valid range is [1 .. block_size].
The check for 0 is not performed when detecting
malformed padding in EVP_DecryptFinal_ex.
I've attached the one-line patch for this.
regards
Sreeram
diff -ur openssl-0.9.8-orig/crypto/evp/evp_enc.c
openssl-0.9.8/crypto/evp/evp_enc.c
--- openssl-0.9.8-orig/crypto/evp/evp_enc.c 2005-05-11 09:15:30.000000000
+0530
+++ openssl-0.9.8/crypto/evp/evp_enc.c 2005-07-19 01:27:38.378272000 +0530
@@ -449,7 +449,7 @@
}
OPENSSL_assert(b <= sizeof ctx->final);
n=ctx->final[b-1];
- if (n > (int)b)
+ if ( (n == 0) || (n > (int)b) )
{
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
return(0);
