From 613522a40ac91ec64f81af850d4c50caa3129748 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 13 Nov 2011 10:42:06 +0200
Subject: [PATCH] TLS: Fix block cipher padding validation

The padding validation was done on the last padding-length octets in the buffer which misses the first padding octet (the last octet is the padding length). Fix the starting offset for the comparison loop to get the first octet verified. [Bug 420]

Signed-hostap: Jouni Malinen
---
 src/tls/tlsv1_record.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/tls/tlsv1_record.c b/src/tls/tlsv1_record.c
index 1b1b4668c..dd022a58e 100644
--- a/src/tls/tlsv1_record.c
+++ b/src/tls/tlsv1_record.c
@@ -406,13 +406,13 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
 force_mac_error = 1;
 goto check_mac;
 }
- for (i = plen - padlen; i < plen; i++) {
+ for (i = plen - padlen - 1; i < plen - 1; i++) {
 if (out_data[i] != padlen) {
 wpa_hexdump(MSG_DEBUG,
 "TLSv1: Invalid pad in "
 "received record",
- out_data + plen - padlen,
- padlen);
+ out_data + plen - padlen -
+ 1, padlen + 1);
 force_mac_error = 1;
 goto check_mac;
 }
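Review bot: The pad comparison loop still leaves at the first mismatching octet (`goto check_mac` inside the `if (out_data[i] != padlen)` body), so the time spent here depends on how many padding octets matched, which partly undoes what `force_mac_error` appears to be for. Consider accumulating the difference in a new local, `bad |= out_data[i] ^ padlen;`, and doing the hexdump, `force_mac_error = 1;` and `goto check_mac;` once after the loop under `if (bad)`. The new start index `plen - padlen - 1` would also wrap if the index type is unsigned and `padlen >= plen` ever reaches this point; the check just above the loop is outside this hunk, so confirm it rejects `padlen == plen` as well, and a one-line comment such as `/* pad octets precede the length octet at out_data[plen - 1] */` would make the offsets self-explanatory. tlsv1_record_receive starts before and continues past the hunk.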