From 09c6812a2299fc6ddfccf33df96d6405ff0721a7 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 9 May 2020 13:54:19 +0000
Subject: Drop a redundant test. It's effectively doing the same test twice and
 if the two lengths differed, the later CBS_write_bytes() would correctly fail
 anyway.

Discussed with jsing
---
 src/lib/libssl/ssl_clnt.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index ce43a89ca7..a83453d39c 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.64 2020/03/06 16:36:47 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.65 2020/05/09 13:54:19 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -903,8 +903,7 @@ ssl3_get_server_hello(SSL *s)
 	if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
 		goto truncated;
 
-	if ((CBS_len(&session_id) > sizeof(s->session->session_id)) ||
-	    (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE)) {
+	if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
 		al = SSL_AD_ILLEGAL_PARAMETER;
 		SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
 		goto f_err;
-- 
cgit v1.2.3-55-g6feb