Commit 96c9aee2 authored by Todd Short's avatar Todd Short Committed by Matt Caswell

Limit padded record to max plaintext

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3374)
parent 47f7cf05
...@@ -860,7 +860,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, ...@@ -860,7 +860,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
} }
if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) { if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) {
size_t padding = 0; size_t rlen;
if (!WPACKET_put_bytes_u8(thispkt, type)) { if (!WPACKET_put_bytes_u8(thispkt, type)) {
SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
...@@ -869,34 +869,37 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf, ...@@ -869,34 +869,37 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
SSL3_RECORD_add_length(thiswr, 1); SSL3_RECORD_add_length(thiswr, 1);
/* Add TLS1.3 padding */ /* Add TLS1.3 padding */
if (s->record_padding_cb != NULL) { rlen = SSL3_RECORD_get_length(thiswr);
size_t rlen = SSL3_RECORD_get_length(thiswr); if (rlen < SSL3_RT_MAX_PLAIN_LENGTH) {
size_t padding = 0;
padding = s->record_padding_cb(s, type, rlen, s->record_padding_arg); size_t max_padding = SSL3_RT_MAX_PLAIN_LENGTH - rlen;
/* do not allow the record to exceed max plaintext length */ if (s->record_padding_cb != NULL) {
if (padding > (SSL3_RT_MAX_PLAIN_LENGTH - rlen)) padding = s->record_padding_cb(s, type, rlen, s->record_padding_arg);
padding = SSL3_RT_MAX_PLAIN_LENGTH - rlen; } else if (s->block_padding > 0) {
} else if (s->block_padding > 0) { size_t mask = s->block_padding - 1;
size_t mask = s->block_padding - 1; size_t remainder;
size_t remainder;
/* optimize for power of 2 */
/* optimize for power of 2 */ if ((s->block_padding & mask) == 0)
if ((s->block_padding & mask) == 0) remainder = rlen & mask;
remainder = SSL3_RECORD_get_length(thiswr) & mask; else
else remainder = rlen % s->block_padding;
remainder = SSL3_RECORD_get_length(thiswr) % s->block_padding; /* don't want to add a block of padding if we don't have to */
/* don't want to add a block of padding if we don't have to */ if (remainder == 0)
if (remainder == 0) padding = 0;
padding = 0; else
else padding = s->block_padding - remainder;
padding = s->block_padding - remainder; }
} if (padding > 0) {
if (padding > 0) { /* do not allow the record to exceed max plaintext length */
if (!WPACKET_memset(thispkt, 0, padding)) { if (padding > max_padding)
SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); padding = max_padding;
goto err; if (!WPACKET_memset(thispkt, 0, padding)) {
SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
goto err;
}
SSL3_RECORD_add_length(thiswr, padding);
} }
SSL3_RECORD_add_length(thiswr, padding);
} }
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment