

From 62a39773e9d0c4a686a3d8d2b6cca32f82c26cd7 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Tue, 12 Jun 2018 14:29:57 +0200
Subject: [PATCH] cbc_mac_verify: require minimum padding under SSL3.0

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/cipher.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/cipher.c b/lib/cipher.c
index 287f2e8c8a..8e7bd8227d 100644
--- a/lib/cipher.c
+++ b/lib/cipher.c
@@ -747,8 +747,12 @@ ciphertext_to_compressed(gnutls_session_t session,
 			 * because there is a timing channel in that memory access (in certain CPUs).
 			 */
 #ifdef ENABLE_SSL3
-			if (ver->id != GNUTLS_SSL3)
+			if (ver->id == GNUTLS_SSL3) {
+				if (pad >= blocksize)
+					pad_failed = 1;
+			} else
 #endif
+			{
 				for (i = 2; i <= MIN(256, ciphertext->size); i++) {
 					tmp_pad_failed |=
 					    (compressed->
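Review bot: The new SSL3 branch (`if (pad >= blocksize) pad_failed = 1;`) is not described by the block comment that ends at the top of the hunk, which explains the per-byte loop and its timing rationale but says nothing about why SSL 3.0 only gets a length check; I would add `/* SSL 3.0 padding bytes are arbitrary, so only the length byte is checked: it must be below the block size. */` directly above the `if (ver->id == GNUTLS_SSL3)` line. The `} else` followed by `#endif` and then `{` is correct but hard to read, since the `else` only pairs with its `if` when ENABLE_SSL3 is defined and the brace stands alone otherwise; a one-line `/* fallthrough to the TLS per-byte check when SSL3 is disabled */` next to `#endif` would make that intent explicit. The closing brace added in the second hunk belongs to this same block. The enclosing ciphertext_to_compressed body starts and ends outside the hunks, so where `pad` and `blocksize` are computed is not visible here.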
@@ -756,6 +760,7 @@ ciphertext_to_compressed(gnutls_session_t session,
 					pad_failed |=
 					    ((i <= (1 + pad)) & (tmp_pad_failed));
 				}
+			}
 
 			if (unlikely
 			    (pad_failed != 0
-- 
2.18.1