Module Name: src Committed By: riz Date: Tue May 22 20:12:18 UTC 2012
Modified Files: src/crypto/dist/openssl/ssl [netbsd-5]: d1_enc.c Log Message: Pull up following revision(s) (requested by drochner in ticket #1762): crypto/dist/openssl/ssl/d1_enc.c: patch pull in upstream rev.22547: Sanity check record length before skipping explicit IV in TLS 1.2, 1.1 and DTLS to fix DoS attack. (CVE-2012-2333) To generate a diff of this commit: cvs rdiff -u -r1.1.1.3 -r1.1.1.3.4.1 src/crypto/dist/openssl/ssl/d1_enc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/dist/openssl/ssl/d1_enc.c diff -u src/crypto/dist/openssl/ssl/d1_enc.c:1.1.1.3 src/crypto/dist/openssl/ssl/d1_enc.c:1.1.1.3.4.1 --- src/crypto/dist/openssl/ssl/d1_enc.c:1.1.1.3 Fri May 9 21:34:43 2008 +++ src/crypto/dist/openssl/ssl/d1_enc.c Tue May 22 20:12:17 2012 @@ -254,7 +254,7 @@ int dtls1_enc(SSL *s, int send) } /* TLS 1.0 does not bound the number of padding bytes by the block size. * All of them must have value 'padding_length'. */ - if (i > (int)rec->length) + if (i + bs > (int)rec->length) { /* Incorrect padding. SSLerr() and ssl3_alert are done * by caller: we don't want to reveal whether this is