diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-01-04 15:38:54 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-01-04 15:38:54 +0000 |
commit | 8206dba75c7fc1a5274b3a9f8ddc4e77cf34669d (patch) | |
tree | 884f4e17d41f5eeb6a4570ae37abe02cec7105f7 /ssl/s3_enc.c | |
parent | 528ef87850f54676d13ff17d40a166cf8f127331 (diff) |
Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) [include source patch this time!]
Diffstat (limited to 'ssl/s3_enc.c')
-rw-r--r-- | ssl/s3_enc.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 58386e1ba0..b14597076d 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -511,6 +511,9 @@ int ssl3_enc(SSL *s, int send) /* we need to add 'i-1' padding bytes */ l+=i; + /* the last of these zero bytes will be overwritten + * with the padding length. */ + memset(&rec->input[rec->length], 0, i); rec->length+=i; rec->input[l-1]=(i-1); } |