PR: 2739

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix padding bugs in Heartbeat support.

PR: 2739
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix padding bugs in Heartbeat support.
57cb030c · Dr. Stephen Henson · d441e6d8 · 57cb030c · 57cb030c
隐藏空白更改
内联并排

Showing with 6 addition and 2 deletion

ssl/d1_both.c ssl/d1_both.c +2 -1

ssl/t1_lib.c ssl/t1_lib.c +4 -1

未找到文件。
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1422,8 +1422,9 @@ dtls1_process_heartbeat(SSL *s)
 		*bp++ = TLS1_HB_RESPONSE;
 		s2n(payload, bp);
 		memcpy(bp, pl, payload);
+		bp += payload;
 		/* Random padding */
-		RAND_pseudo_bytes(p, padding);
+		RAND_pseudo_bytes(bp, padding);

 		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);


--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2467,7 +2467,10 @@ tls1_process_heartbeat(SSL *s)
 		*bp++ = TLS1_HB_RESPONSE;
 		s2n(payload, bp);
 		memcpy(bp, pl, payload);
-		
+		bp += payload;
+		/* Random padding */
+		RAND_pseudo_bytes(bp, padding);
+
 		r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);

 		if (r >= 0 && s->msg_callback)