Fix off-by-one errors in ssl_cipher_get_evp()

In the ssl_cipher_get_evp() function, fix off-by-one errors in index validation before accessing arrays.

PR#3375

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 0f03b063e874c4c7fb12cd1772f51f69df19f276..ad9b762101951ead9d455e39a1c0671cead0d66f 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -582,7 +582,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                break;
                }
 
-       if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+       if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
                *enc=NULL;
        else
                {
@@ -616,7 +616,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                i= -1;
                break;
                }
-       if ((i < 0) || (i > SSL_MD_NUM_IDX))
+       if ((i < 0) || (i >= SSL_MD_NUM_IDX))
        {
                *md=NULL; 
                if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;