Fix bug in TLS CBC unpadding

Regression introduced in 007314c5 Found by OSS-Fuzz (bug id 11693)
author: Jack Lloyd <[email protected]> 2018-12-03 09:59:04 -0500
committer: Jack Lloyd <[email protected]> 2018-12-03 09:59:04 -0500
commit: 6bf823ce117e966d51ec836af54510ecca66c818 (patch)
tree: a089690765170b00ff66252a5591e8efc1957fdd /src/lib/tls/tls_cbc
parent: 10cde6b85d018979fd94fc1c83f27758f4b134b6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp
index f3ea17d42..f7f3ebc8f 100644
--- a/src/lib/tls/tls_cbc/tls_cbc.cpp
+++ b/src/lib/tls/tls_cbc/tls_cbc.cpp
@@ -235,7 +235,7 @@ uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len)
    const uint8_t pad_byte = record[record_len-1];
    const uint16_t pad_bytes = 1 + pad_byte;
 
-   auto pad_invalid = CT::Mask<uint16_t>::is_lt(rec16, pad_byte);
+   auto pad_invalid = CT::Mask<uint16_t>::is_lt(rec16, pad_bytes);
 
    for(uint16_t i = rec16 - to_check; i != rec16; ++i)
       {
author	Jack Lloyd <[email protected]>	2018-12-03 09:59:04 -0500
committer	Jack Lloyd <[email protected]>	2018-12-03 09:59:04 -0500
commit	6bf823ce117e966d51ec836af54510ecca66c818 (patch)
tree	a089690765170b00ff66252a5591e8efc1957fdd /src/lib/tls/tls_cbc
parent	10cde6b85d018979fd94fc1c83f27758f4b134b6 (diff)