Drop a redundant test. It's effectively doing the same test twice

and if the two lengths differed, the later CBS_write_bytes() would correctly fail anyway. Discussed with jsing
author: tb <tb@openbsd.org> 2020-05-09 13:54:19 +0000
committer: tb <tb@openbsd.org> 2020-05-09 13:54:19 +0000
commit: 9cf2d9d3ec77b4a6daada52ef4bc348f1ef7df9a (patch)
tree: ce0bf7d60522f99cbf1fcbab89115ef6405bb8cb /lib/libssl/ssl_clnt.c
parent: On receiving an overlong session ID terminate with an illegal_parameter (diff)
download: wireguard-openbsd-9cf2d9d3ec77b4a6daada52ef4bc348f1ef7df9a.tar.xz
wireguard-openbsd-9cf2d9d3ec77b4a6daada52ef4bc348f1ef7df9a.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index ce43a89ca73..a83453d39c8 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.64 2020/03/06 16:36:47 tb Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.65 2020/05/09 13:54:19 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -903,8 +903,7 @@ ssl3_get_server_hello(SSL *s)
 	if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
 		goto truncated;
 
-	if ((CBS_len(&session_id) > sizeof(s->session->session_id)) ||
-	    (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE)) {
+	if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
 		al = SSL_AD_ILLEGAL_PARAMETER;
 		SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
 		goto f_err;
author	tb <tb@openbsd.org>	2020-05-09 13:54:19 +0000
committer	tb <tb@openbsd.org>	2020-05-09 13:54:19 +0000
commit	9cf2d9d3ec77b4a6daada52ef4bc348f1ef7df9a (patch)
tree	ce0bf7d60522f99cbf1fcbab89115ef6405bb8cb /lib/libssl/ssl_clnt.c
parent	On receiving an overlong session ID terminate with an illegal_parameter (diff)
download	wireguard-openbsd-9cf2d9d3ec77b4a6daada52ef4bc348f1ef7df9a.tar.xz wireguard-openbsd-9cf2d9d3ec77b4a6daada52ef4bc348f1ef7df9a.zip