Module Name: src Committed By: drochner Date: Wed Jan 18 20:08:50 UTC 2012
Modified Files: src/crypto/external/bsd/openssl/dist/ssl: d1_pkt.c Log Message: pull in rev.22050 from upstream CVS, following secadv_20120118.txt: Fix for DTLS DoS issue introduced by fix for CVE-2011-4108 (CVE-2012-0050) To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c diff -u src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c:1.2 src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c:1.3 --- src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c:1.2 Thu Jan 5 17:32:02 2012 +++ src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c Wed Jan 18 20:08:49 2012 @@ -376,6 +376,7 @@ dtls1_process_record(SSL *s) unsigned int mac_size; unsigned char md[EVP_MAX_MD_SIZE]; int decryption_failed_or_bad_record_mac = 0; + unsigned char *mac = NULL; rr= &(s->s3->rrec); @@ -450,19 +451,15 @@ printf("\n"); #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ - if (rr->length < mac_size) + if (rr->length >= mac_size) { -#if 0 /* OK only for stream ciphers */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT); - goto f_err; -#else - decryption_failed_or_bad_record_mac = 1; -#endif + rr->length -= mac_size; + mac = &rr->data[rr->length]; } - rr->length-=mac_size; + else + rr->length = 0; i=s->method->ssl3_enc->mac(s,md,0); - if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0) + if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0) { decryption_failed_or_bad_record_mac = 1; }