int i, j;
int blocks;
int depaddinglen = 0;
+ uint8_t wrongpadding_flag = 0;
dtls_hmac_context_t* hmac_ctx = NULL;
pos = buf;
//de-padding
depaddinglen = buf[srclen -1];
+ /**
+ * message validation check in case of wrong key.
+ * In case of wrong padding legnth was detected
+ * set depadding length to zero in order to resist the padding oracle attack
+ * and prevent invalid memory access.
+ */
+ if(srclen <= DTLS_HMAC_DIGEST_SIZE + depaddinglen + 1) {
+ depaddinglen = 0;
+ wrongpadding_flag = 1;
+ }
+
//Calculate MAC
hmac_ctx = dtls_hmac_new(mac_key, mac_keylen);
if(!hmac_ctx) {
//verify the MAC
if(memcmp(mac_buf,
buf + (srclen - DTLS_HMAC_DIGEST_SIZE - depaddinglen - 1),
- DTLS_HMAC_DIGEST_SIZE) != 0)
+ DTLS_HMAC_DIGEST_SIZE) != 0 || wrongpadding_flag)
{
dtls_crit("Failed to verification of MAC\n");
return -1;