diff options
| author | Adam Langley <agl@chromium.org> | 2014-06-20 23:00:00 +0400 |
|---|---|---|
| committer | Adam Langley <agl@chromium.org> | 2014-06-21 00:17:37 +0400 |
| commit | 80842bdb44855dd7f1dde64a3fa9f4e782310fc7 (patch) | |
| tree | 1a048b3ee886b9e22496faa18d5241b0b3ab5e5f /ssl/s3_cbc.c | |
| parent | cd8128d618f2c5d598141878d9821aac0d58bb26 (diff) | |
Fix test of first of 255 CBC padding bytes.
Thanks to Peter Gijsels for pointing out that if a CBC record has 255
bytes of padding, the first was not being checked.
Diffstat (limited to 'ssl/s3_cbc.c')
| -rw-r--r-- | ssl/s3_cbc.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index d0925935..6e2902a2 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -203,9 +203,9 @@ int tls1_cbc_remove_padding(const SSL* s, * decrypted information. Therefore we always have to check the maximum * amount of padding possible. (Again, the length of the record is * public information so we can use it.) */ - to_check = 255; /* maximum amount of padding. */ - if (to_check > rec->length-1) - to_check = rec->length-1; + to_check = 256; /* maximum amount of padding, inc length byte. */ + if (to_check > rec->length) + to_check = rec->length; for (i = 0; i < to_check; i++) { |