]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Corrected bugs in record parsing.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 4 Dec 2012 19:57:38 +0000 (20:57 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 4 Dec 2012 19:57:38 +0000 (20:57 +0100)
Corrected bugs in record padding parsing. Reported by Kenny Patterson and Nadhem Alfardan.

lib/gnutls_cipher.c

index 248b376a54c2960175fa9a46d0f3acf417d5e227..a9a02de3179b0e2c2f83cb6100a7fb55c117d9a5 100644 (file)
@@ -441,10 +441,10 @@ ciphertext_to_compressed (gnutls_session_t session,
                           uint64* sequence)
 {
   uint8_t tag[MAX_HASH_SIZE];
-  uint8_t pad;
+  unsigned int pad, i;
   int length, length_to_decrypt;
   uint16_t blocksize;
-  int ret, i, pad_failed = 0;
+  int ret, pad_failed = 0;
   uint8_t preamble[MAX_PREAMBLE_SIZE];
   unsigned int preamble_size;
   unsigned int ver = gnutls_protocol_get_version (session);
@@ -541,7 +541,7 @@ ciphertext_to_compressed (gnutls_session_t session,
       pad = ciphertext->data[ciphertext->size - 1] + 1;   /* pad */
 
 
-      if ((int) pad > (int) ciphertext->size - tag_size)
+      if (pad > (int) ciphertext->size - tag_size)
         {
           gnutls_assert ();
           _gnutls_record_log
@@ -559,7 +559,7 @@ ciphertext_to_compressed (gnutls_session_t session,
       /* Check the pading bytes (TLS 1.x)
        */
       if (ver != GNUTLS_SSL3)
-        for (i = 2; i < pad; i++)
+        for (i = 2; i <= pad; i++)
           {
             if (ciphertext->data[ciphertext->size - i] !=
                 ciphertext->data[ciphertext->size - 1])