From: Matt Caswell <matt@openssl.org>
Date: Mon, 4 Sep 2017 07:44:02 +0000 (+0100)
Subject: Don't attempt to add a zero length padding extension
X-Git-Tag: OpenSSL_1_1_1-pre1~690
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3d85c7f408e54e1a0b367901534139ba5f1cad07;p=oweals%2Fopenssl.git

Don't attempt to add a zero length padding extension

The padding extension should always be at least 1 byte long

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4331)
---

diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 2c72dea248..bffe7aca08 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -843,7 +843,7 @@ EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
          * 1 byte long so as not to have an empty extension last (WebSphere 7.x,
          * 8.x are intolerant of that condition)
          */
-        if (hlen >= 4)
+        if (hlen > 4)
             hlen -= 4;
         else
             hlen = 1;