Validate ClientHello extension field length

author Alessandro Ghedini <alessandro@ghedini.me>

Fri, 2 Oct 2015 12:38:30 +0000 (14:38 +0200)

committer Matt Caswell <matt@openssl.org>

Mon, 5 Oct 2015 11:09:20 +0000 (12:09 +0100)
author Alessandro Ghedini <alessandro@ghedini.me>
Fri, 2 Oct 2015 12:38:30 +0000 (14:38 +0200)
committer Matt Caswell <matt@openssl.org>
Mon, 5 Oct 2015 11:09:20 +0000 (12:09 +0100)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c

index 210a5e87430f266f76edb893f00be9656ae6d4d7..33af933ea934c2828527d7b9618bf199b4c96f26 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2024,7 +2024,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
  
      n2s(data, len);
  
-    if (data > (d + n - len))
+    if (data + len != d + n)
          goto err;
  
      while (data <= (d + n - 4)) {
author	Alessandro Ghedini <alessandro@ghedini.me>
	Fri, 2 Oct 2015 12:38:30 +0000 (14:38 +0200)
committer	Matt Caswell <matt@openssl.org>
	Mon, 5 Oct 2015 11:09:20 +0000 (12:09 +0100)