1 files changed, 7 insertions, 1 deletions

diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 5d401c3572..0528309132 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -452,6 +452,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                                 }
                                         n2s(data, idsize);
                                         dsize -= 2 + idsize;
+                                        size -= 2 + idsize;
                                         if (dsize < 0)
                                                 {
                                                 *al = SSL_AD_DECODE_ERROR;
@@ -490,9 +491,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                         }
 
                                 /* Read in request_extensions */
+                                if (size < 2)
+                                        {
+                                        *al = SSL_AD_DECODE_ERROR;
+                                        return 0;
+                                        }
                                 n2s(data,dsize);
                                 size -= 2;
-                                if (dsize > size) 
+                                if (dsize != size)
                                         {
                                         *al = SSL_AD_DECODE_ERROR;
                                         return 0;