Add extra check before integer conversion

end < p should never happen, but just be extra sure
This commit is contained in:
Manuel Pégourié-Gonnard 2015-10-02 09:53:52 +02:00
parent 643a922c56
commit f3e6e4badb

View file

@ -133,7 +133,7 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl,
SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
if( (size_t)(end - p) < 5 + ssl->verify_data_len )
if( end < p || (size_t)(end - p) < 5 + ssl->verify_data_len )
{
SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
return;