aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRaimo Niskanen <[email protected]>2019-04-18 12:53:50 +0200
committerRaimo Niskanen <[email protected]>2019-04-18 12:53:50 +0200
commitc001acbd58cca348c0c8cc886febc104ba14be09 (patch)
treea21e9da4ed1984eb6da61e46e075016e0f55db4b
parent143682bb10ff77971ea93fb9c3d502d0451276d6 (diff)
parent5cdd8e8113675ec02bb352b906a813c69db04378 (diff)
downloadotp-c001acbd58cca348c0c8cc886febc104ba14be09.tar.gz
otp-c001acbd58cca348c0c8cc886febc104ba14be09.tar.bz2
otp-c001acbd58cca348c0c8cc886febc104ba14be09.zip
Merge branch 'raimo/ssl/beast-mitigation-hickup/ERIERL-346/OTP-15054' into maint
* raimo/ssl/beast-mitigation-hickup/ERIERL-346/OTP-15054: Do not create empty binaries when splitting iovec
-rw-r--r--lib/ssl/src/tls_record.erl20
1 files changed, 11 insertions, 9 deletions
diff --git a/lib/ssl/src/tls_record.erl b/lib/ssl/src/tls_record.erl
index b456197398..38022030ee 100644
--- a/lib/ssl/src/tls_record.erl
+++ b/lib/ssl/src/tls_record.erl
@@ -577,16 +577,18 @@ encode_fragments(_Type, _Version, _Data, CS, _CompS, _CipherS, _Seq, _CipherFrag
%% 1/n-1 splitting countermeasure Rizzo/Duong-Beast, RC4 chiphers are
%% not vulnerable to this attack.
-split_iovec([<<FirstByte:8, Rest/binary>>|Data], Version, BCA, one_n_minus_one)
+split_iovec(Data, Version, BCA, one_n_minus_one)
when (BCA =/= ?RC4) andalso ({3, 1} == Version orelse
{3, 0} == Version) ->
- [[FirstByte]|split_iovec([Rest|Data])];
+ {Part, RestData} = split_iovec(Data, 1, []),
+ [Part|split_iovec(RestData)];
%% 0/n splitting countermeasure for clients that are incompatible with 1/n-1
%% splitting.
split_iovec(Data, Version, BCA, zero_n)
when (BCA =/= ?RC4) andalso ({3, 1} == Version orelse
{3, 0} == Version) ->
- [<<>>|split_iovec(Data)];
+ {Part, RestData} = split_iovec(Data, 0, []),
+ [Part|split_iovec(RestData)];
split_iovec(Data, _Version, _BCA, _BeatMitigation) ->
split_iovec(Data).
@@ -596,16 +598,16 @@ split_iovec(Data) ->
{Part,Rest} = split_iovec(Data, ?MAX_PLAIN_TEXT_LENGTH, []),
[Part|split_iovec(Rest)].
%%
-split_iovec([Bin|Data], SplitSize, Acc) ->
+split_iovec([Bin|Data] = Bin_Data, SplitSize, Acc) ->
BinSize = byte_size(Bin),
if
+ BinSize =< SplitSize ->
+ split_iovec(Data, SplitSize - BinSize, [Bin|Acc]);
+ SplitSize == 0 ->
+ {lists:reverse(Acc), Bin_Data};
SplitSize < BinSize ->
{Last, Rest} = erlang:split_binary(Bin, SplitSize),
- {lists:reverse(Acc, [Last]), [Rest|Data]};
- BinSize < SplitSize ->
- split_iovec(Data, SplitSize - BinSize, [Bin|Acc]);
- true -> % Perfect match
- {lists:reverse(Acc, [Bin]), Data}
+ {lists:reverse(Acc, [Last]), [Rest|Data]}
end;
split_iovec([], _SplitSize, Acc) ->
{lists:reverse(Acc),[]}.