From f3e6e4badb35760c9a543ee69b7449cb0cd9784b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 2 Oct 2015 09:53:52 +0200 Subject: [PATCH] Add extra check before integer conversion end < p should never happen, but just be extra sure --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index ef86cd29a..39dc02e7d 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -133,7 +133,7 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl, SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) ); - if( (size_t)(end - p) < 5 + ssl->verify_data_len ) + if( end < p || (size_t)(end - p) < 5 + ssl->verify_data_len ) { SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); return;