From 6cbc78906b24cd274f61d205d7f43d66ca08e808 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@google.com>
Date: Fri, 12 Jun 2015 08:05:49 +0100
Subject: [PATCH] Allow a zero length extension block

It is valid for an extension block to be present in a ClientHello, but to
be of zero length.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
---
 ssl/t1_lib.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c2d7d72071..d70b93fead 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1016,12 +1016,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 
     s->srtp_profile = NULL;
 
-    if (data >= (d + n - 2)) {
-        if (data != d + n)
-            goto err;
-        else
-            goto ri_check;
-    }
+    if (data == d + n)
+        goto ri_check;
+
+    if (data > (d + n - 2))
+        goto err;
+
     n2s(data, len);
 
     if (data > (d + n - len))
-- 
2.34.1