Don't check for a negative SRP extension size

The size of the SRP extension can never be negative (the variable
|size| is unsigned). Therefore don't check if it is less than zero.

RT#3862

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 9c89d290834f3ed9146eeb8b64fe5de817679a0b)

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 8cde013138577f4b0f2cdc59312afdb0ad728247..bf11f93e62782f25a1f0219959dcb1b8bba3f3ec 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2120,7 +2120,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
         }
 # ifndef OPENSSL_NO_SRP
         else if (type == TLSEXT_TYPE_srp) {
-            if (size <= 0 || ((len = data[0])) != (size - 1)) {
+            if (size == 0 || ((len = data[0])) != (size - 1)) {
                 *al = SSL_AD_DECODE_ERROR;
                 return 0;
             }