tls: Check all bytes of the padding if they equal the padding length

diff --git a/src/libtls/tls_aead_expl.c b/src/libtls/tls_aead_expl.c
index 5e4d33e..37779a1 100644 (file)
--- a/src/libtls/tls_aead_expl.c
+++ b/src/libtls/tls_aead_expl.c
@@ -106,6 +106,7 @@ METHOD(tls_aead_t, decrypt, bool,
        chunk_t assoc, mac, iv;
        u_int8_t bs, padlen;
        sigheader_t hdr;
+       size_t i;
 
        iv.len = this->crypter->get_iv_size(this->crypter);
        if (data->len < iv.len)
@@ -126,6 +127,13 @@ METHOD(tls_aead_t, decrypt, bool,
        padlen = data->ptr[data->len - 1];
        if (padlen < data->len)
        {       /* If padding looks valid, remove it */
+               for (i = data->len - padlen - 1; i < data->len - 1; i++)
+               {
+                       if (data->ptr[i] != padlen)
+                       {
+                               return FALSE;
+                       }
+               }
                data->len -= padlen + 1;
        }
 

diff --git a/src/libtls/tls_aead_impl.c b/src/libtls/tls_aead_impl.c
index fb14026..d529ceb 100644 (file)
--- a/src/libtls/tls_aead_impl.c
+++ b/src/libtls/tls_aead_impl.c
@@ -100,6 +100,7 @@ METHOD(tls_aead_t, decrypt, bool,
        chunk_t assoc, mac, iv;
        u_int8_t bs, padlen;
        sigheader_t hdr;
+       size_t i;
 
        bs = this->crypter->get_block_size(this->crypter);
        if (data->len < bs || data->len < this->iv.len || data->len % bs)
@@ -116,6 +117,13 @@ METHOD(tls_aead_t, decrypt, bool,
        padlen = data->ptr[data->len - 1];
        if (padlen < data->len)
        {       /* If padding looks valid, remove it */
+               for (i = data->len - padlen - 1; i < data->len - 1; i++)
+               {
+                       if (data->ptr[i] != padlen)
+                       {
+                               return FALSE;
+                       }
+               }
                data->len -= padlen + 1;
        }