Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576) [include source patch this time!]

author: Dr. Stephen Henson <steve@openssl.org> 2012-01-04 15:38:54 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-01-04 15:38:54 +0000
commit: 8206dba75c7fc1a5274b3a9f8ddc4e77cf34669d (patch)
tree: 884f4e17d41f5eeb6a4570ae37abe02cec7105f7 /ssl/s3_enc.c
parent: 528ef87850f54676d13ff17d40a166cf8f127331 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 58386e1ba0..b14597076d 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -511,6 +511,9 @@ int ssl3_enc(SSL *s, int send)
 
 			/* we need to add 'i-1' padding bytes */
 			l+=i;
+			/* the last of these zero bytes will be overwritten
+			 * with the padding length. */
+			memset(&rec->input[rec->length], 0, i);
 			rec->length+=i;
 			rec->input[l-1]=(i-1);
 			}
author	Dr. Stephen Henson <steve@openssl.org>	2012-01-04 15:38:54 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-01-04 15:38:54 +0000
commit	8206dba75c7fc1a5274b3a9f8ddc4e77cf34669d (patch)
tree	884f4e17d41f5eeb6a4570ae37abe02cec7105f7 /ssl/s3_enc.c
parent	528ef87850f54676d13ff17d40a166cf8f127331 (diff)