author | Erlang/OTP <[email protected]> | 2019-04-17 16:14:45 +0200 |
---|---|---|
committer | Erlang/OTP <[email protected]> | 2019-04-17 16:14:45 +0200 |
commit | 1f86f261c55fe2a69b3b03e9a4b097925dc70263 (patch) | |
tree | b77c94c4609ffa526133bbcc75d246d7a04f4439 | |
parent | 5d05cf5417b9f447a2de1cfaf705371c9ba64d50 (diff) | |
parent | 5cdd8e8113675ec02bb352b906a813c69db04378 (diff) | |
Merge branch 'raimo/ssl/beast-mitigation-hickup/ERIERL-346/OTP-15054' into maint-21
* raimo/ssl/beast-mitigation-hickup/ERIERL-346/OTP-15054:
Do not create empty binaries when splitting iovec
-rw-r--r-- | lib/ssl/src/tls_record.erl | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/lib/ssl/src/tls_record.erl b/lib/ssl/src/tls_record.erl
index b456197398..38022030ee 100644
--- a/lib/ssl/src/tls_record.erl
+++ b/lib/ssl/src/tls_record.erl
@@ -577,16 +577,18 @@ encode_fragments(_Type, _Version, _Data, CS, _CompS, _CipherS, _Seq, _CipherFrag
 %% 1/n-1 splitting countermeasure Rizzo/Duong-Beast, RC4 chiphers are
 %% not vulnerable to this attack.
-split_iovec([<<FirstByte:8, Rest/binary>>|Data], Version, BCA, one_n_minus_one)
+split_iovec(Data, Version, BCA, one_n_minus_one)
 when (BCA =/= ?RC4) andalso ({3, 1} == Version orelse {3, 0} == Version) ->
- [[FirstByte]|split_iovec([Rest|Data])];
+ {Part, RestData} = split_iovec(Data, 1, []),
+ [Part|split_iovec(RestData)];
 %% 0/n splitting countermeasure for clients that are incompatible with 1/n-1
 %% splitting.
 split_iovec(Data, Version, BCA, zero_n)
 when (BCA =/= ?RC4) andalso ({3, 1} == Version orelse {3, 0} == Version) ->
- [<<>>|split_iovec(Data)];
+ {Part, RestData} = split_iovec(Data, 0, []),
+ [Part|split_iovec(RestData)];
 split_iovec(Data, _Version, _BCA, _BeatMitigation) ->
 split_iovec(Data).
@@ -596,16 +598,16 @@ split_iovec(Data) ->
 {Part,Rest} = split_iovec(Data, ?MAX_PLAIN_TEXT_LENGTH, []),
 [Part|split_iovec(Rest)].
 %%
-split_iovec([Bin|Data], SplitSize, Acc) ->
+split_iovec([Bin|Data] = Bin_Data, SplitSize, Acc) ->
 BinSize = byte_size(Bin),
 if
+ BinSize =< SplitSize ->
+ split_iovec(Data, SplitSize - BinSize, [Bin|Acc]);
+ SplitSize == 0 ->
+ {lists:reverse(Acc), Bin_Data};
 SplitSize < BinSize ->
 {Last, Rest} = erlang:split_binary(Bin, SplitSize),
- {lists:reverse(Acc, [Last]), [Rest|Data]};
- BinSize < SplitSize ->
- split_iovec(Data, SplitSize - BinSize, [Bin|Acc]);
- true -> % Perfect match
- {lists:reverse(Acc, [Bin]), Data}
+ {lists:reverse(Acc, [Last]), [Rest|Data]}
 end;
 split_iovec([], _SplitSize, Acc) ->
 {lists:reverse(Acc),[]}. |
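Review bot: In the first hunk (`split_iovec/4`), the `one_n_minus_one` clause now accepts any `Data`, including `[]`, so an empty iovec produces an empty first `Part` ahead of `split_iovec(RestData)`. The old head `[<<FirstByte:8, Rest/binary>>|Data]` did not match that input and fell through to the last clause, so this is a behaviour change for the 1/n-1 mode. Whether callers can reach this with empty data is not visible here, and the `split_iovec/1` clause that would handle `[]` lies outside the hunk. If a zero-length record is not intended in 1/n-1 mode, restrict the head to `split_iovec([_|_] = Data, Version, BCA, one_n_minus_one)`, which covers only the empty list and not a list of empty binaries. Otherwise, extend the comment above the clause to say that empty input yields one empty fragment.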
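Review bot: In the second hunk, the three `if` branches of `split_iovec/3` are only correct in this order, and nothing says so now that the `% Perfect match` comment is gone. `BinSize =< SplitSize` has to be tested first so that whole binaries, including empty ones, go into `Acc` even when `SplitSize` is 0. `SplitSize == 0` has to come before `SplitSize < BinSize` so that `erlang:split_binary(Bin, 0)` is never reached and no empty `Last` is returned. I would add a comment above the `if`, for example `%% Order matters: take whole binaries first, stop at 0 before splitting, so no empty binary is created`. I would also write the zero test as `SplitSize =:= 0`, since both operands are integers.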