Drop a redundant test. It's effectively doing the same test twice

and if the two lengths differed, the later CBS_write_bytes() would correctly fail anyway. Discussed with jsing
author: tb <> 2020-05-09 13:54:19 +0000
committer: tb <> 2020-05-09 13:54:19 +0000
commit: 09c6812a2299fc6ddfccf33df96d6405ff0721a7 (patch)
tree: b6c1e8655e3f2a164701119d0b9c384db969b7d9 /src/lib
parent: 4ada255562a571bc859eaabd939211b3d0608172 (diff)
download: openbsd-09c6812a2299fc6ddfccf33df96d6405ff0721a7.tar.gz
openbsd-09c6812a2299fc6ddfccf33df96d6405ff0721a7.tar.bz2
openbsd-09c6812a2299fc6ddfccf33df96d6405ff0721a7.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index ce43a89ca7..a83453d39c 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.64 2020/03/06 16:36:47 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.65 2020/05/09 13:54:19 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -903,8 +903,7 @@ ssl3_get_server_hello(SSL *s)
        if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
                goto truncated;
-        if ((CBS_len(&session_id) > sizeof(s->session->session_id)) ||
+        if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
-            (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE)) {
                al = SSL_AD_ILLEGAL_PARAMETER;
                SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
                goto f_err;
author	tb <>	2020-05-09 13:54:19 +0000
committer	tb <>	2020-05-09 13:54:19 +0000
commit	09c6812a2299fc6ddfccf33df96d6405ff0721a7 (patch)
tree	b6c1e8655e3f2a164701119d0b9c384db969b7d9 /src/lib
parent	4ada255562a571bc859eaabd939211b3d0608172 (diff)
download	openbsd-09c6812a2299fc6ddfccf33df96d6405ff0721a7.tar.gz openbsd-09c6812a2299fc6ddfccf33df96d6405ff0721a7.tar.bz2 openbsd-09c6812a2299fc6ddfccf33df96d6405ff0721a7.zip