From 9c89d290834f3ed9146eeb8b64fe5de817679a0b Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 26 May 2015 00:05:28 +0100 Subject: [PATCH] Don't check for a negative SRP extension size The size of the SRP extension can never be negative (the variable |size| is unsigned). Therefore don't check if it is less than zero. RT#3862 Reviewed-by: Richard Levitte --- ssl/t1_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index ce010ca4ed..a161dcc5f4 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2047,7 +2047,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } #ifndef OPENSSL_NO_SRP else if (type == TLSEXT_TYPE_srp) { - if (size <= 0 || ((len = data[0])) != (size - 1)) { + if (size == 0 || ((len = data[0])) != (size - 1)) { *al = SSL_AD_DECODE_ERROR; return 0; }