Increase wbuf by one byte to fix the bug reported by

[oweals/openssl.git] / ssl / s2_pkt.c

diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c
index 6081dd7b4709bf475deb1c486b054d7c2df4622d..e2499083e9531e4a82ab92668d7b61117a023bc2 100644 (file)
--- a/ssl/s2_pkt.c
+++ b/ssl/s2_pkt.c
@@ -541,6 +541,9 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
                {
                bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
                j=len+mac_size;
+               /* Two-byte headers allow for a larger record length than
+                * three-byte headers, but we can't use them if we need
+                * padding or if we have to set the escape bit. */
                if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
                        (!s->s2->escape))
                        {
@@ -560,7 +563,7 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
                        s->s2->three_byte_header=0;
                        p=0;
                        }
-               else /* 3 byte header */
+               else /* we may have to use a 3 byte header */
                        {
                        /*len=len; */
                        p=(j%bs);
@@ -574,7 +577,7 @@ static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
        /* mac_size is the number of MAC bytes
         * len is the number of data bytes we are going to send
         * p is the number of padding bytes
-        * if p == 0, it is a 2 byte header */
+        * (if it is a two-byte header, then p == 0) */
 
        s->s2->wlength=len;
        s->s2->padding=p;