diff options
| author | Jouni Malinen <j@w1.fi> | 2011-11-13 10:42:06 +0200 |
|---|---|---|
| committer | Jouni Malinen <j@w1.fi> | 2011-11-13 10:42:06 +0200 |
| commit | 613522a40ac91ec64f81af850d4c50caa3129748 (patch) | |
| tree | e3516b623ecf34cf8176a00b4815bc657c0e6564 /src/tls | |
| parent | c4a34808262cc138ccc78b838e93e7a0e35f3c14 (diff) | |
| download | external_wpa_supplicant_8_ti-613522a40ac91ec64f81af850d4c50caa3129748.zip external_wpa_supplicant_8_ti-613522a40ac91ec64f81af850d4c50caa3129748.tar.gz external_wpa_supplicant_8_ti-613522a40ac91ec64f81af850d4c50caa3129748.tar.bz2 | |
TLS: Fix block cipher padding validation
The padding validation was done on the last padding-length octets in the
buffer which misses the first padding octet (the last octet is the
padding length). Fix the starting offset for the comparison loop to get
the first octet verified. [Bug 420]
Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/tls')
| -rw-r--r-- | src/tls/tlsv1_record.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/tls/tlsv1_record.c b/src/tls/tlsv1_record.c index 1b1b466..dd022a5 100644 --- a/src/tls/tlsv1_record.c +++ b/src/tls/tlsv1_record.c @@ -406,13 +406,13 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl, force_mac_error = 1; goto check_mac; } - for (i = plen - padlen; i < plen; i++) { + for (i = plen - padlen - 1; i < plen - 1; i++) { if (out_data[i] != padlen) { wpa_hexdump(MSG_DEBUG, "TLSv1: Invalid pad in " "received record", - out_data + plen - padlen, - padlen); + out_data + plen - padlen - + 1, padlen + 1); force_mac_error = 1; goto check_mac; } |