From e1423b93bd3553efa320e96178feb2e4fbf950d1 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Wed, 15 Jul 2015 21:52:02 +0000
Subject: test for n<0 before use in CBS_init - mostly to shut up coverity.
 reluctant ok miod@

---
 src/lib/libssl/d1_srtp.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'src/lib/libssl/d1_srtp.c')

diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
index 801eab1b76..8f05c4abc8 100644
--- a/src/lib/libssl/d1_srtp.c
+++ b/src/lib/libssl/d1_srtp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srtp.c,v 1.12 2015/07/14 03:38:26 doug Exp $ */
+/* $OpenBSD: d1_srtp.c,v 1.13 2015/07/15 21:52:02 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -303,11 +303,16 @@ ssl_parse_clienthello_use_srtp_ext(SSL *s, const unsigned char *d, int len,
 	uint16_t id;
 	CBS cbs, ciphers, mki;
 
-	CBS_init(&cbs, d, len);
+	if (len < 0) {
+		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
+		    SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+		*al = SSL_AD_DECODE_ERROR;
+		goto done;
+	}
 
+	CBS_init(&cbs, d, len);
 	/* Pull off the cipher suite list */
-	if (len < 0 ||
-	    !CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
+	if (!CBS_get_u16_length_prefixed(&cbs, &ciphers) ||
 	    CBS_len(&ciphers) % 2 ||
 	    CBS_len(&cbs) != 0) {
 		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,
-- 
cgit v1.2.3-55-g6feb