TLS: Fix block cipher padding validation
The padding validation was done on the last padding-length octets in the buffer which misses the first padding octet (the last octet is the padding length). Fix the starting offset for the comparison loop to get the first octet verified. [Bug 420] Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
c4a3480826
commit
613522a40a
1 changed files with 3 additions and 3 deletions
|
@ -406,13 +406,13 @@ int tlsv1_record_receive(struct tlsv1_record_layer *rl,
|
||||||
force_mac_error = 1;
|
force_mac_error = 1;
|
||||||
goto check_mac;
|
goto check_mac;
|
||||||
}
|
}
|
||||||
for (i = plen - padlen; i < plen; i++) {
|
for (i = plen - padlen - 1; i < plen - 1; i++) {
|
||||||
if (out_data[i] != padlen) {
|
if (out_data[i] != padlen) {
|
||||||
wpa_hexdump(MSG_DEBUG,
|
wpa_hexdump(MSG_DEBUG,
|
||||||
"TLSv1: Invalid pad in "
|
"TLSv1: Invalid pad in "
|
||||||
"received record",
|
"received record",
|
||||||
out_data + plen - padlen,
|
out_data + plen - padlen -
|
||||||
padlen);
|
1, padlen + 1);
|
||||||
force_mac_error = 1;
|
force_mac_error = 1;
|
||||||
goto check_mac;
|
goto check_mac;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue