Don't check for a negative SRP extension size
authorMatt Caswell <matt@openssl.org>
Mon, 25 May 2015 23:05:28 +0000 (00:05 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 26 May 2015 09:35:29 +0000 (10:35 +0100)
The size of the SRP extension can never be negative (the variable
|size| is unsigned). Therefore don't check if it is less than zero.

RT#3862

Reviewed-by: Richard Levitte <levitte@openssl.org>
ssl/t1_lib.c

index ce010ca..a161dcc 100644 (file)
@@ -2047,7 +2047,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
         }
 #ifndef OPENSSL_NO_SRP
         else if (type == TLSEXT_TYPE_srp) {
-            if (size <= 0 || ((len = data[0])) != (size - 1)) {
+            if (size == 0 || ((len = data[0])) != (size - 1)) {
                 *al = SSL_AD_DECODE_ERROR;
                 return 0;
             }