Module Name:    src
Committed By:   drochner
Date:           Wed Jan 18 20:08:50 UTC 2012

Modified Files:
        src/crypto/external/bsd/openssl/dist/ssl: d1_pkt.c

Log Message:
pull in rev.22050 from upstream CVS, following secadv_20120118.txt:
Fix for DTLS DoS issue introduced by fix for CVE-2011-4108 (CVE-2012-0050)


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c:1.2 src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c:1.3
--- src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c:1.2	Thu Jan  5 17:32:02 2012
+++ src/crypto/external/bsd/openssl/dist/ssl/d1_pkt.c	Wed Jan 18 20:08:49 2012
@@ -376,6 +376,7 @@ dtls1_process_record(SSL *s)
 	unsigned int mac_size;
 	unsigned char md[EVP_MAX_MD_SIZE];
 	int decryption_failed_or_bad_record_mac = 0;
+	unsigned char *mac = NULL;
 
 
 	rr= &(s->s3->rrec);
@@ -450,19 +451,15 @@ printf("\n");
 #endif			
 			}
 		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
-		if (rr->length < mac_size)
+		if (rr->length >= mac_size)
 			{
-#if 0 /* OK only for stream ciphers */
-			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-#else
-			decryption_failed_or_bad_record_mac = 1;
-#endif
+			rr->length -= mac_size;
+			mac = &rr->data[rr->length];
 			}
-		rr->length-=mac_size;
+		else
+			rr->length = 0;
 		i=s->method->ssl3_enc->mac(s,md,0);
-		if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+		if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
 			{
 			decryption_failed_or_bad_record_mac = 1;
 			}
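Review bot: The MAC check on the changed line `if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)` still uses `memcmp`, which may return at the first differing byte, so its running time can depend on how many leading MAC bytes match. A constant-time comparison would be safer here; later OpenSSL releases provide `CRYPTO_memcmp(md, mac, mac_size)`, though whether this tree already has it cannot be told from the hunk. Separately, the new `else rr->length = 0;` branch would benefit from a comment such as `/* record shorter than the MAC: do not subtract mac_size from it; the MAC is still computed and the check below fails via mac == NULL */`, since the removed `#if 0` block was the only text explaining the short-record case. dtls1_process_record starts and ends outside this hunk.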
