Add extra check before integer conversion end < p should never happen, but just be extra sure

commit: f3e6e4badb35760c9a543ee69b7449cb0cd9784b [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Fri Oct 02 09:53:52 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg2@elzevir.fr> Fri Oct 02 09:53:52 2015 +0200
tree: a02b3635623e09e3d354612ae899f7622b082a31
parent: 643a922c56b77235e88f106fb1b41c1a764cea5f [diff] [blame]
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index ef86cd2..39dc02e 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -133,7 +133,7 @@
 
     SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
 
-    if( (size_t)(end - p) < 5 + ssl->verify_data_len )
+    if( end < p || (size_t)(end - p) < 5 + ssl->verify_data_len )
     {
         SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
         return;
commit	f3e6e4badb35760c9a543ee69b7449cb0cd9784b	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Fri Oct 02 09:53:52 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg2@elzevir.fr>	Fri Oct 02 09:53:52 2015 +0200
tree	a02b3635623e09e3d354612ae899f7622b082a31
parent	643a922c56b77235e88f106fb1b41c1a764cea5f [diff] [blame]