| From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001 |
| From: Nikos Mavrogiannopoulos <nmav@gnutls.org> |
| Date: Thu, 23 May 2013 09:54:37 +0200 |
| Subject: [PATCH] re-applied sanity check patch |
| |
| --- |
| lib/gnutls_cipher.c | 2 ++ |
| 1 files changed, 2 insertions(+), 0 deletions(-) |
| |
| diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c |
| index 2835121..71f5a98 100644 |
| --- a/lib/gnutls_cipher.c |
| +++ b/lib/gnutls_cipher.c |
| @@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, |
| return GNUTLS_E_DECRYPTION_FAILED; |
| } |
| pad = ciphertext.data[ciphertext.size - 1]; /* pad */ |
| + if (pad+1 > ciphertext.size-hash_size) |
| + pad_failed = GNUTLS_E_DECRYPTION_FAILED; |
| |
| /* Check the pading bytes (TLS 1.x). |
| * Note that we access all 256 bytes of ciphertext for padding check |
| -- |
| 1.7.1 |
| |