author | Raimo Niskanen <[email protected]> | 2019-04-18 12:53:50 +0200 |
---|---|---|
committer | Raimo Niskanen <[email protected]> | 2019-04-18 12:53:50 +0200 |
commit | c001acbd58cca348c0c8cc886febc104ba14be09 (patch) | |
tree | a21e9da4ed1984eb6da61e46e075016e0f55db4b /lib/ssl | |
parent | 143682bb10ff77971ea93fb9c3d502d0451276d6 (diff) | |
parent | 5cdd8e8113675ec02bb352b906a813c69db04378 (diff) | |
Merge branch 'raimo/ssl/beast-mitigation-hickup/ERIERL-346/OTP-15054' into maint
* raimo/ssl/beast-mitigation-hickup/ERIERL-346/OTP-15054:
Do not create empty binaries when splitting iovec
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/src/tls_record.erl | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/lib/ssl/src/tls_record.erl b/lib/ssl/src/tls_record.erl
index b456197398..38022030ee 100644
--- a/lib/ssl/src/tls_record.erl
+++ b/lib/ssl/src/tls_record.erl
@@ -577,16 +577,18 @@ encode_fragments(_Type, _Version, _Data, CS, _CompS, _CipherS, _Seq, _CipherFrag
 %% 1/n-1 splitting countermeasure Rizzo/Duong-Beast, RC4 chiphers are
 %% not vulnerable to this attack.
-split_iovec([<<FirstByte:8, Rest/binary>>|Data], Version, BCA, one_n_minus_one)
+split_iovec(Data, Version, BCA, one_n_minus_one)
 when (BCA =/= ?RC4) andalso ({3, 1} == Version orelse
 {3, 0} == Version) ->
- [[FirstByte]|split_iovec([Rest|Data])];
+ {Part, RestData} = split_iovec(Data, 1, []),
+ [Part|split_iovec(RestData)];
 %% 0/n splitting countermeasure for clients that are incompatible with 1/n-1
 %% splitting.
 split_iovec(Data, Version, BCA, zero_n)
 when (BCA =/= ?RC4) andalso ({3, 1} == Version orelse
 {3, 0} == Version) ->
- [<<>>|split_iovec(Data)];
+ {Part, RestData} = split_iovec(Data, 0, []),
+ [Part|split_iovec(RestData)];
 split_iovec(Data, _Version, _BCA, _BeatMitigation) ->
 split_iovec(Data).
@@ -596,16 +598,16 @@ split_iovec(Data) ->
 {Part,Rest} = split_iovec(Data, ?MAX_PLAIN_TEXT_LENGTH, []),
 [Part|split_iovec(Rest)].
 %%
-split_iovec([Bin|Data], SplitSize, Acc) ->
+split_iovec([Bin|Data] = Bin_Data, SplitSize, Acc) ->
 BinSize = byte_size(Bin),
 if
+ BinSize =< SplitSize ->
+ split_iovec(Data, SplitSize - BinSize, [Bin|Acc]);
+ SplitSize == 0 ->
+ {lists:reverse(Acc), Bin_Data};
 SplitSize < BinSize ->
 {Last, Rest} = erlang:split_binary(Bin, SplitSize),
- {lists:reverse(Acc, [Last]), [Rest|Data]};
- BinSize < SplitSize ->
- split_iovec(Data, SplitSize - BinSize, [Bin|Acc]);
- true -> % Perfect match
- {lists:reverse(Acc, [Bin]), Data}
+ {lists:reverse(Acc, [Last]), [Rest|Data]}
 end;
 split_iovec([], _SplitSize, Acc) ->
 {lists:reverse(Acc),[]}. |
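Review bot: The rewritten `one_n_minus_one` clause of split_iovec/4 now accepts every `Data`, so an empty iovec (or one holding only empty binaries) no longer falls through to the unsplit clause: `split_iovec(Data, 1, [])` then returns a `Part` with no payload bytes, and that `Part` is returned as the first element of the result. Whether callers can pass such data is not visible here, so I would state the contract above the clause, e.g. `%% The first fragment carries exactly one byte when Data is non-empty, however the iovec is chunked; empty Data gives one empty fragment.` A regression test over `[]`, `[<<>>, <<"ab">>]` and `[<<"a">>, <<"b">>]` would pin that the 1/n-1 countermeasure is applied for each chunking. All three clauses of split_iovec/4 sit inside this hunk.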
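Review bot: The branch order in the `if` of split_iovec/3 is load-bearing but undocumented: `BinSize =< SplitSize` has to be tested before `SplitSize == 0` so that an empty `Bin` is consumed into `Acc` instead of ending the part, and by the time the third branch is reached its guard `SplitSize < BinSize` is always true. I would replace the bare `%%` above the function with a comment saying that it returns `{Part, Rest}` where `Part` holds at most `SplitSize` bytes, and that `erlang:split_binary/2` is only called with `0 < SplitSize < BinSize` (given a non-negative `SplitSize`), so it never yields `<<>>`. Writing the last guard as `true ->` would make the exhaustiveness obvious, and `SplitSize =:= 0` is the exact comparison for an integer. Both clauses of split_iovec/3 are inside the hunk.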