Fix false reject in padding check in ssl_decrypt_buf() for CBC ciphersuites

In case full SSL frames arrived, they were rejected because an overly strict padding check.
2025-11-04 04:32:24 -05:00 · 2014-04-25 12:59:03 +02:00 · 2014-04-25 12:59:03 +02:00 · 61885c7f7f
commit 61885c7f7f
parent fdba46885b
2 changed files with 6 additions and 2 deletions
--- a/2
+++ b/2
@ -11,6 +11,8 @@ Bugfix
   * Typos in platform.c and pkcs11.c (found by Daniel Phillips and Steffan
     Karger)
   * cert_write app should use subject of issuer certificate as issuer of cert
+   * Fix false reject in padding check in ssl_decrypt_buf() for CBC
+     ciphersuites, for full SSL frames of data.

 = PolarSSL 1.3.6 released on 2014-04-11

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1633,13 +1633,15 @@ static int ssl_decrypt_buf( ssl_context *ssl )
             * Padding is guaranteed to be incorrect if:
             *   1. padlen >= ssl->in_msglen
             *
-             *   2. padding_idx > SSL_MAX_CONTENT_LEN
+             *   2. padding_idx >= SSL_MAX_CONTENT_LEN +
+             *                     ssl->transform_in->maclen
             *
             * In both cases we reset padding_idx to a safe value (0) to
             * prevent out-of-buffer reads.
             */
            correct &= ( ssl->in_msglen >= padlen + 1 );
-            correct &= ( padding_idx <= SSL_MAX_CONTENT_LEN );
+            correct &= ( padding_idx < SSL_MAX_CONTENT_LEN +
+                                       ssl->transform_in->maclen );

            padding_idx *= correct;