From c1acef9263b875cc80431b8054049dedc59cd41d Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk <bkaduk@akamai.com>
Date: Thu, 25 Jan 2018 19:30:54 -0600
Subject: [PATCH] Fix uninitialized read in sigalg parsing code

The check for a duplicate value was reading one entry past
where it was supposed to, getting an uninitialized value.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5172)
---
 ssl/t1_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d4c9086e5a..7109741a7d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1781,7 +1781,7 @@ static int sig_cb(const char *elem, int len, void *arg)
 
     /* Reject duplicates */
     for (i = 0; i < sarg->sigalgcnt - 1; i++) {
-        if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt]) {
+        if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) {
             sarg->sigalgcnt--;
             return 0;
         }
-- 
2.34.1