check length properly
authorBodo Möller <bodo@openssl.org>
Mon, 3 Apr 2006 13:57:56 +0000 (13:57 +0000)
committerBodo Möller <bodo@openssl.org>
Mon, 3 Apr 2006 13:57:56 +0000 (13:57 +0000)
Submitted by: Peter Sylvester

ssl/t1_lib.c

index d75588676d22c06aa32c5da3622a2af17d43216a..69c0d42b1acd43d69c3d3a7b8a3bc8e3fc337a56 100644 (file)
@@ -221,7 +221,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                /* Add TLS extension EllipticCurves to the ClientHello message */
                long lenmax; 
 
                /* Add TLS extension EllipticCurves to the ClientHello message */
                long lenmax; 
 
-               if ((lenmax = limit - p - 5) < 0) return NULL; 
+               if ((lenmax = limit - p - 6) < 0) return NULL; 
                if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
                if (s->tlsext_ellipticcurvelist_length > 255)
                        {
                if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
                if (s->tlsext_ellipticcurvelist_length > 255)
                        {