author | jsing <> | 2014-09-22 12:36:06 +0000 |
---|---|---|
committer | jsing <> | 2014-09-22 12:36:06 +0000 |
commit | bc9843be364dd752ca9220e38960425978b2ad77 (patch) | |
tree | 2d6ce4054b3f35aec05209d0b9a3f8a375250cf1 /src/lib/libssl/ssl_err.c | |
parent | 5d237272df7ccfde22003cad538e834fac8137de (diff) | |

It is possible (although unlikely in practice) for peer_finish_md_len to
end up with a value of zero, primarily since ssl3_take_mac() fails to check
the return value from the final_finish_mac() call. This would then mean that
an SSL finished message with a zero-byte payload would successfully match
against the calculated finish MAC.

Avoid this by checking the length of peer_finish_md_len and the SSL
finished message payload, against the known length already stored in
the SSL3_ENC_METHOD finish_mac_length field (making use of a previously
unused field).

ok miod@ (a little while back)

Diffstat (limited to 'src/lib/libssl/ssl_err.c')
0 files changed, 0 insertions, 0 deletions
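
The failure mode described in the commit message, as an added example that is not code from this commit or from libssl: a simplified model showing that a zero stored MAC length makes an empty payload compare equal, and that checking both lengths against a fixed expected length rejects it. The struct, the function names and the value 12 for `FINISH_MAC_LENGTH` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed for this example; stands in for the finish_mac_length field. */
#define FINISH_MAC_LENGTH 12

/* Hypothetical, simplified stand-in for the per-connection state. */
struct peer_state {
    unsigned char peer_finish_md[64];
    size_t peer_finish_md_len; /* stays 0 if the MAC computation failed */
};

/* Constant-time comparison: returns 1 when equal. Note n == 0 is "equal". */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Before: only compares the payload length with the stored length. */
static int finished_ok_before(const struct peer_state *s,
    const unsigned char *payload, size_t payload_len)
{
    if (payload_len != s->peer_finish_md_len)
        return 0;
    return ct_equal(payload, s->peer_finish_md, payload_len);
}

/* After: both lengths must equal the length fixed by the protocol. */
static int finished_ok_after(const struct peer_state *s,
    const unsigned char *payload, size_t payload_len)
{
    if (s->peer_finish_md_len != FINISH_MAC_LENGTH ||
        payload_len != FINISH_MAC_LENGTH)
        return 0;
    return ct_equal(payload, s->peer_finish_md, FINISH_MAC_LENGTH);
}

int main(void)
{
    struct peer_state failed = { {0}, 0 }; /* constructed: MAC never computed */
    unsigned char empty[1] = {0};

    printf("before: %d\n", finished_ok_before(&failed, empty, 0));
    printf("after:  %d\n", finished_ok_after(&failed, empty, 0));
    return 0;
}
```

A constant-time comparison does not help here, since comparing zero bytes always reports equality; the length check is what closes the gap.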