Import upstream release 5.2.1

author: Romain Francoise <rfrancoise@debian.org> 2014-10-21 19:28:38 +0200
committer: Romain Francoise <rfrancoise@debian.org> 2014-10-21 19:41:50 +0200
commit: b23b0e5609ed4b3d29396a1727aab035fa4a395f (patch)
tree: 091d0b144dd92a0c124b7fbe9eae68f79cb975dc /src/libtls/tls_aead_expl.c
parent: 4a01a7e2574040cf246fd00ebff173b873c17349 (diff)
download: vyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.tar.gz
vyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/src/libtls/tls_aead_expl.c b/src/libtls/tls_aead_expl.c
index 5e4d33e14..80b0db38c 100644
--- a/src/libtls/tls_aead_expl.c
+++ b/src/libtls/tls_aead_expl.c
@@ -91,7 +91,6 @@ METHOD(tls_aead_t, encrypt, bool,
 	/* encrypt inline */
 	if (!this->crypter->encrypt(this->crypter, *data, iv, NULL))
 	{
-		free(data->ptr);
 		return FALSE;
 	}
 	/* prepend IV */
@@ -106,6 +105,7 @@ METHOD(tls_aead_t, decrypt, bool,
 	chunk_t assoc, mac, iv;
 	u_int8_t bs, padlen;
 	sigheader_t hdr;
+	size_t i;
 
 	iv.len = this->crypter->get_iv_size(this->crypter);
 	if (data->len < iv.len)
@@ -126,6 +126,13 @@ METHOD(tls_aead_t, decrypt, bool,
 	padlen = data->ptr[data->len - 1];
 	if (padlen < data->len)
 	{	/* If padding looks valid, remove it */
+		for (i = data->len - padlen - 1; i < data->len - 1; i++)
+		{
+			if (data->ptr[i] != padlen)
+			{
+				return FALSE;
+			}
+		}
 		data->len -= padlen + 1;
 	}
author	Romain Francoise <rfrancoise@debian.org>	2014-10-21 19:28:38 +0200
committer	Romain Francoise <rfrancoise@debian.org>	2014-10-21 19:41:50 +0200
commit	b23b0e5609ed4b3d29396a1727aab035fa4a395f (patch)
tree	091d0b144dd92a0c124b7fbe9eae68f79cb975dc /src/libtls/tls_aead_expl.c
parent	4a01a7e2574040cf246fd00ebff173b873c17349 (diff)
download	vyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.tar.gz vyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.zip