Don't attempt to add a zero length padding extension

author Matt Caswell <matt@openssl.org>

Mon, 4 Sep 2017 07:44:02 +0000 (08:44 +0100)

committer Matt Caswell <matt@openssl.org>

Mon, 4 Sep 2017 14:15:30 +0000 (15:15 +0100)
author Matt Caswell <matt@openssl.org>
Mon, 4 Sep 2017 07:44:02 +0000 (08:44 +0100)
committer Matt Caswell <matt@openssl.org>
Mon, 4 Sep 2017 14:15:30 +0000 (15:15 +0100)
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c

index 2c72dea248c35cb944f20bc2852c24fce491c55f..bffe7aca08b6e7ba67a2ebbdf9ecd7a3bd943b31 100644 (file)
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -843,7 +843,7 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
           * 1 byte long so as not to have an empty extension last (WebSphere 7.x,
           * 8.x are intolerant of that condition)
           */
-        if (hlen >= 4)
+        if (hlen > 4)
              hlen -= 4;
          else
              hlen = 1;
author	Matt Caswell <matt@openssl.org>
	Mon, 4 Sep 2017 07:44:02 +0000 (08:44 +0100)
committer	Matt Caswell <matt@openssl.org>
	Mon, 4 Sep 2017 14:15:30 +0000 (15:15 +0100)