From 63ff89ab71d38f03bb56603e4048a1dc143942b2 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <p.antoine@catenacyber.fr>
Date: Wed, 21 Mar 2018 08:27:34 +0100
Subject: [PATCH] Fixes integer underflow with SSL_trace support

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5706)
---
 ssl/t1_trce.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 55f1824183..f8d0501aa5 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -729,7 +729,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
         while (xlen > 0) {
             size_t plen = *ext++;
 
-            if (plen > xlen + 1)
+            if (plen + 1 > xlen)
                 return 0;
             BIO_indent(bio, indent + 2, 80);
             BIO_write(bio, ext, plen);
-- 
2.25.1