X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ft1_lib.c;h=e3952870120aded14606d943feca53509facfc6f;hp=e8bc34c1113ba78346d73bbf7bb399853a8aab7a;hb=e97359435ee15e6d2c0580c76a58040e8dc3ce60;hpb=afce9bcca15bbf4a015d3f678cec5501ca1092eb

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e8bc34c111..e395287012 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -983,9 +983,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
 	{
+	unsigned short length;
 	unsigned short type;
 	unsigned short size;
-	unsigned short len;  
 	unsigned char *data = *p;
 	int tlsext_servername = 0;
 	int renegotiate_seen = 0;
@@ -993,7 +993,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 	if (data >= (d+n-2))
 		goto ri_check;
 
-	n2s(data,len);
+	n2s(data,length);
+	if (data+length != d+n)
+		{
+		*al = SSL_AD_DECODE_ERROR;
+		return 0;
+		}
 
 	while(data <= (d+n-4))
 		{