Allocate extra space when NETSCAPE_HANG_BUG defined.

Make sure there is an extra 4 bytes for server done message when
NETSCAPE_HANG_BUG is defined.

PR#3361
(cherry picked from commit 92d81ba622396425764d676ba4fb3f0dac273f17)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 36f34270cd2beef1bcc46adf5289749b926847cb..a5030422030ea1ab57e5227aa9ac425f4db6ec24 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2146,6 +2146,11 @@ int ssl3_send_certificate_request(SSL *s)
 #ifdef NETSCAPE_HANG_BUG
                if (!SSL_IS_DTLS(s))
                        {
+                       if (!BUF_MEM_grow_clean(buf, s->init_num + 4))
+                               {
+                               SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
+                               goto err;
+                               }
                        p=(unsigned char *)s->init_buf->data + s->init_num;
                        /* do the header */
                        *(p++)=SSL3_MT_SERVER_DONE;