From 461ec96400c0a98b56a42533ecf86de58bc3c16f Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 24 Jan 2017 08:41:53 +0000
Subject: Correct bounds checks used when generating the EC curves extension.

ok beck@
---
 src/lib/libssl/t1_lib.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'src/lib')

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 5ca0a1f4a0..b69e52a85c 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.107 2017/01/24 03:41:43 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.108 2017/01/24 08:41:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -752,9 +752,9 @@ ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
 return NULL;
 
 lenmax = limit - ret - 6;
- if (curveslen > lenmax)
+ if (curveslen * 2 > lenmax)
 return NULL;
- if (curveslen > 65532) {
+ if (curveslen * 2 > 65532) {
 SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT,
 ERR_R_INTERNAL_ERROR);
 return NULL;
--
cgit v1.2.3-55-g6feb
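Review bot: The corrected checks `curveslen * 2 > lenmax` and `curveslen * 2 > 65532` multiply before comparing, so if curveslen is an unsigned size type (its declaration is outside the hunk) a very large count would wrap and pass both checks. Comparing against the divided limit avoids the wrap without changing the result for sane values: `if (curveslen > lenmax / 2)` and `if (curveslen > 65532 / 2) {`. The factor of 2 suggests curveslen is a count of 2-byte curve ids rather than a byte length, but nothing in the hunk states that; a short comment above the checks, such as `/* curveslen counts curve ids; each takes 2 bytes on the wire */`, would help keep the unit mix-up fixed here from returning. The enclosing block of ssl_add_clienthello_tlsext starts and ends outside the hunk, so the lines that write the extension length could not be checked for the same scaling.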