Validate ClientHello extension field length

RT#4069 Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
author: Alessandro Ghedini <alessandro@ghedini.me> 2015-10-02 14:38:30 +0200
committer: Matt Caswell <matt@openssl.org> 2015-10-05 19:48:28 +0100
commit: e4840c88c516d959785fcd842d8658d3b7a6ae43 (patch)
tree: 7a51fc382904a1a3230210ab6d6cdf0df63fd821 /ssl
parent: 67d42531744e56d11212ee000e4559cf95ac57a7 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index d70b93fead..ef6c6fa270 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1024,7 +1024,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 
     n2s(data, len);
 
-    if (data > (d + n - len))
+    if (data + len != d + n)
         goto err;
 
     while (data <= (d + n - 4)) {
author	Alessandro Ghedini <alessandro@ghedini.me>	2015-10-02 14:38:30 +0200
committer	Matt Caswell <matt@openssl.org>	2015-10-05 19:48:28 +0100
commit	e4840c88c516d959785fcd842d8658d3b7a6ae43 (patch)
tree	7a51fc382904a1a3230210ab6d6cdf0df63fd821 /ssl
parent	67d42531744e56d11212ee000e4559cf95ac57a7 (diff)