summaryrefslogtreecommitdiff
path: root/src/libtls/tls_aead_expl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libtls/tls_aead_expl.c')
-rw-r--r--src/libtls/tls_aead_expl.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/libtls/tls_aead_expl.c b/src/libtls/tls_aead_expl.c
index 5e4d33e14..80b0db38c 100644
--- a/src/libtls/tls_aead_expl.c
+++ b/src/libtls/tls_aead_expl.c
@@ -91,7 +91,6 @@ METHOD(tls_aead_t, encrypt, bool,
/* encrypt inline */
if (!this->crypter->encrypt(this->crypter, *data, iv, NULL))
{
- free(data->ptr);
return FALSE;
}
/* prepend IV */
@@ -106,6 +105,7 @@ METHOD(tls_aead_t, decrypt, bool,
chunk_t assoc, mac, iv;
u_int8_t bs, padlen;
sigheader_t hdr;
+ size_t i;
iv.len = this->crypter->get_iv_size(this->crypter);
if (data->len < iv.len)
@@ -126,6 +126,13 @@ METHOD(tls_aead_t, decrypt, bool,
padlen = data->ptr[data->len - 1];
if (padlen < data->len)
{ /* If padding looks valid, remove it */
+ for (i = data->len - padlen - 1; i < data->len - 1; i++)
+ {
+ if (data->ptr[i] != padlen)
+ {
+ return FALSE;
+ }
+ }
data->len -= padlen + 1;
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-02 15:24:09 +0000