From a7ff57965b81ce4fd73a18266ce29abf6b909fdb Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Sat, 8 Jul 2017 22:13:24 +0200
Subject: Fix cipher_compare

Unsigned overflow.  Found by Brian Carpenter

Fixes #3889

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3890)
---
 ssl/s3_lib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'ssl/s3_lib.c')

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index d7b8fb03bc..c3adc87268 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2793,7 +2793,9 @@ static int cipher_compare(const void *a, const void *b)
     const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
     const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
 
-    return ap->id - bp->id;
+    if (ap->id == bp->id)
+        return 0;
+    return ap->id < bp->id ? -1 : 1;
 }
 
 void ssl_sort_cipher_list(void)
-- 
cgit v1.2.3