check length properly
authorBodo Möller <bodo@openssl.org>
Mon, 3 Apr 2006 13:57:56 +0000 (13:57 +0000)
committerBodo Möller <bodo@openssl.org>
Mon, 3 Apr 2006 13:57:56 +0000 (13:57 +0000)
Submitted by: Peter Sylvester

ssl/t1_lib.c

index d755886..69c0d42 100644 (file)
@@ -221,7 +221,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                /* Add TLS extension EllipticCurves to the ClientHello message */
                long lenmax; 
 
-               if ((lenmax = limit - p - 5) < 0) return NULL; 
+               if ((lenmax = limit - p - 6) < 0) return NULL; 
                if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
                if (s->tlsext_ellipticcurvelist_length > 255)
                        {