From 5d53cbef3ad2f32b98013402edaf44daf0f1c036 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 14 Jul 2014 13:51:41 +0200 Subject: [PATCH] Fix length check in ssl_write_ticket() --- library/ssl_srv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index d0ef6efc1..c6bcf252b 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -212,7 +212,7 @@ static int ssl_write_ticket( ssl_context *ssl, size_t *tlen ) */ state = p + 2; if( ssl_save_session( ssl->session_negotiate, state, - SSL_MAX_CONTENT_LEN - ( state - ssl->out_ctr ) - 48, + SSL_MAX_CONTENT_LEN - ( state - ssl->out_msg ) - 48, &clear_len ) != 0 ) { return( POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE );