Import upstream release 5.2.1

author: Romain Francoise <rfrancoise@debian.org> 2014-10-21 19:28:38 +0200
committer: Romain Francoise <rfrancoise@debian.org> 2014-10-21 19:41:50 +0200
commit: b23b0e5609ed4b3d29396a1727aab035fa4a395f (patch)
tree: 091d0b144dd92a0c124b7fbe9eae68f79cb975dc /src/libtls/tls_aead_impl.c
parent: 4a01a7e2574040cf246fd00ebff173b873c17349 (diff)
download: vyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.tar.gz
vyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/src/libtls/tls_aead_impl.c b/src/libtls/tls_aead_impl.c
index fb14026e0..d529ceba7 100644
--- a/src/libtls/tls_aead_impl.c
+++ b/src/libtls/tls_aead_impl.c
@@ -100,6 +100,7 @@ METHOD(tls_aead_t, decrypt, bool,
 	chunk_t assoc, mac, iv;
 	u_int8_t bs, padlen;
 	sigheader_t hdr;
+	size_t i;
 
 	bs = this->crypter->get_block_size(this->crypter);
 	if (data->len < bs || data->len < this->iv.len || data->len % bs)
@@ -116,6 +117,13 @@ METHOD(tls_aead_t, decrypt, bool,
 	padlen = data->ptr[data->len - 1];
 	if (padlen < data->len)
 	{	/* If padding looks valid, remove it */
+		for (i = data->len - padlen - 1; i < data->len - 1; i++)
+		{
+			if (data->ptr[i] != padlen)
+			{
+				return FALSE;
+			}
+		}
 		data->len -= padlen + 1;
 	}
author	Romain Francoise <rfrancoise@debian.org>	2014-10-21 19:28:38 +0200
committer	Romain Francoise <rfrancoise@debian.org>	2014-10-21 19:41:50 +0200
commit	b23b0e5609ed4b3d29396a1727aab035fa4a395f (patch)
tree	091d0b144dd92a0c124b7fbe9eae68f79cb975dc /src/libtls/tls_aead_impl.c
parent	4a01a7e2574040cf246fd00ebff173b873c17349 (diff)
download	vyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.tar.gz vyos-strongswan-b23b0e5609ed4b3d29396a1727aab035fa4a395f.zip