[botan-devel] Remote DoS/crash in TLS code

Jack Lloyd lloyd at randombit.net
Fri Dec 23 16:21:22 EST 2011


While doing unrelated work on the TLS code, I discovered a lovely bug
that will cause a crash if a record does not decrypt properly. A patch
follows. You can work around this by only using RC4 based
ciphersuites.

While I'm on the subject, is anyone using the TLS code currently? I'm
making a number of changes to support new features (state machine IO,
session resumption, SRP, client cert auth, easier cert verification,
etc), and breaking APIs like crazy (in a branch). So now would be an
excellent time to comment on features you'd like / what you need for
IO support / etc. Offlist is fine.

If I don't hear from anybody I may assume nobody is using it and thus
it's safe to land the whole branch for 1.10.2. ;)

-Jack

#
# old_revision [6c2809f0c11ba10a137601a2e7eed7ac1f083002]
#
# patch "src/ssl/rec_read.cpp"
#  from [a61c18bd4fb11ed3d3caa7332361cc137fbc0134]
#    to [8b630305e3d3fa0dd25b8714cf801654473d5427]
#
============================================================
--- src/ssl/rec_read.cpp        a61c18bd4fb11ed3d3caa7332361cc137fbc0134
+++ src/ssl/rec_read.cpp        8b630305e3d3fa0dd25b8714cf801654473d5427
@@ -213,9 +213,14 @@ size_t Record_Reader::get_record(byte& m
          }
       else
          {
+         bool padding_good = true;
+
          for(size_t i = 0; i != pad_size; ++i)
             if(plaintext[plaintext.size()-i-1] != pad_value)
-               pad_size = 0;
+               padding_good = false;
+
+         if(!padding_good)
+            pad_size = 0;
          }
       }
 



More information about the botan-devel mailing list