author: Paul Bakker <p.j.bakker@polarssl.org> 2013-12-19 14:42:28 +0100
committer: Paul Bakker <p.j.bakker@polarssl.org> 2013-12-30 15:00:51 +0100
commit: 956c9e063db14fa3f52f8fee2fb5e597c43742c4
tree: 5ae428b6a903e1f0d148a10cd3abcfaa36704383 /ChangeLog
parent: f9c4953e39b869f673936d883d6bf2a8845c74c8
Reduced the input / output overhead with 200+ bytes and covered corner case

The actual input / output buffer overhead is only 301 instead of 512. This requires a proper check on the padding_idx to prevent out of bounds reads.

Previously a remote party could potentially trigger an access error and thus stop the application when sending a malicious packet having MAX_CONTENT_LEN of data, 32 bytes of MAC and a decrypted padlen of . This would result in reading from in_ctr + 13 + 32 + MAX_CONTENT_LEN - 1 - 1 for 256 bytes (including fake padding check). Or 13 + 32 bytes over the buffer length.

We now reset padding_idx to 0, if it's clear that it will never be a valid padding (padlen > msg_len || msg_len + padlen + 256 > buffer_len)
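The guard from the commit message, as an added C model that is not PolarSSL source code: it applies the stated condition before a scan that always reads 256 bytes, and counts the reads that would leave the buffer with and without the guard. All function names, the `guarded` switch and the buffer sizes are hypothetical; the buffer is indexed from the start of the message and is assumed to have enough slack that a genuine record never trips the second half of the condition.

```c
#include <stddef.h>

#define PAD_SCAN 256 /* the scan length is fixed, whatever padlen says */

/* Start index of the scan. guarded=0 models the behaviour before the fix. */
size_t padding_start(size_t msg_len, size_t padlen, size_t buffer_len, int guarded)
{
    size_t padding_idx = msg_len - padlen - 1; /* size_t: wraps if padlen >= msg_len */
    if (guarded && (padlen > msg_len || msg_len + padlen + PAD_SCAN > buffer_len))
        padding_idx = 0; /* can never be valid padding: scan from a safe index */
    return padding_idx;
}

/* Counts (without performing them) the scan reads outside buf[0..buffer_len). */
size_t oob_reads(size_t msg_len, size_t padlen, size_t buffer_len, int guarded)
{
    size_t idx = padding_start(msg_len, padlen, buffer_len, guarded), oob = 0;
    for (size_t i = 1; i <= PAD_SCAN; i++)
        oob += (idx + i >= buffer_len);
    return oob;
}

/* Guarded check: 1 if the last padlen bytes of the message all equal padlen - 1. */
int padding_ok(const unsigned char *buf, size_t buffer_len, size_t msg_len)
{
    size_t padlen = 1 + (size_t)buf[msg_len - 1]; /* caller ensures msg_len >= 1 */
    int bad = padlen > msg_len || msg_len + padlen + PAD_SCAN > buffer_len;
    size_t idx = padding_start(msg_len, padlen, buffer_len, 1), count = 0;
    for (size_t i = 1; i <= PAD_SCAN; i++) /* always 256 reads, real or fake */
        count += (i <= padlen) & (buf[idx + i] == padlen - 1);
    return !bad && count == padlen;
}

/* 1 if the guard leaves no out-of-bounds read for any (msg_len, padlen) pair. */
int guard_holds(size_t buffer_len)
{
    for (size_t m = 1; m <= buffer_len; m++)
        for (size_t p = 1; p <= PAD_SCAN; p++)
            if (oob_reads(m, p, buffer_len, 1) != 0)
                return 0;
    return 1;
}
```
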
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 4
1 files changed, 4 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 7df5fa3..3078c58 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,10 @@ Bugfix
* Memory leak in benchmark application
* Fixed x509_crt_parse_path() bug on Windows platforms
+Security
+ * Possible remotely-triggered out-of-bounds memory access fixed (found by
+ TrustInSoft)
+
= PolarSSL 1.3.2 released on 2013-11-04
Features
* PK tests added to test framework
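Review bot: the added Security entry says only "out-of-bounds memory access" and names neither the affected code nor the impact, so a reader of the ChangeLog cannot tell whether their deployment is exposed. The commit message is more specific: an out-of-bounds read in the padding check on a decrypted packet, which a remote party could use to stop the application. Suggest carrying that into the entry, for example "Possible remotely-triggered out-of-bounds read in the padding check fixed (could stop the application)", and noting which released versions are affected if that is known.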