Avoid false positives in bounds check
The size of the buffer already accounts for the extra data before the actual
message, so the allowed length is SSL_MAX_CONTENT_LEN starting from _msg
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index c0386b6..49ea5a2 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -287,7 +287,7 @@
{
int ret;
unsigned char *p = buf;
- const unsigned char *end = ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN;
+ const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
size_t kkpp_len;
*olen = 0;
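Review bot: The new `end` on the `const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;` line loosens the bound, and the code does not record the invariant that makes this safe. It is correct only if the output buffer is allocated with room for the bytes before `out_msg` plus a full `MBEDTLS_SSL_MAX_CONTENT_LEN`, which the commit message states but the hunk does not show. I would add a comment above the declaration such as `/* out_buf is sized for the record header plus MBEDTLS_SSL_MAX_CONTENT_LEN, so the writable area ends at out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN */`, so that a later change to the buffer layout prompts a recheck of this bound. The function body continues outside the hunk, so the comparisons that use `end` and `p` are not visible here. It is worth confirming that they stay valid when `buf` already sits some way past `out_msg`.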