Update DTLS code to match CBC decoding in TLS.

[oweals/openssl.git] / crypto / mem.c

diff --git a/crypto/mem.c b/crypto/mem.c
index 00ebaf0b9b5e304b860b4443c07dc2a45837da6b..05d7b9cd3d7aa7d17f859050aa7fe14d5e3cdcbb 100644 (file)
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -372,6 +372,10 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
 
        if (num <= 0) return NULL;
 
+       /* We don't support shrinking the buffer. Note the memcpy that copies
+        * |old_len| bytes to the new buffer, below. */
+       if (num < old_len) return NULL;
+
        if (realloc_debug_func != NULL)
                realloc_debug_func(str, NULL, num, file, line, 0);
        ret=malloc_ex_func(num,file,line);