commit 4a3f0732fd15ce3f38cb1f0879d3f8e64db888dd
author David Benjamin <davidben@chromium.org> Sun Apr 05 02:21:33 2015 -0400
committer Adam Langley <agl@google.com> Mon Apr 06 20:50:45 2015 +0000
tree 59ff629b519d3b69310f23c81eb7b867651a419c
parent d81e73dcbb497e0b3a2830881c09163af6fe7e21

Tidy record length check.

Compression is gone, so don't allow for compression overhead. With that fixed,
the second rr->length check in ssl3_get_record matches the length computation
which sizes the read buffer. The first is wrong and doesn't account for the
alignment padding. Move the second to the first.

Change-Id: I3f4f05de9fdf5c645ff24493bbfdf303dcc1aa90
Reviewed-on: https://boringssl-review.googlesource.com/4236
Reviewed-by: Adam Langley <agl@google.com>

include/openssl/ssl3.h

diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
index ab31a62..09705e1 100644
--- a/include/openssl/ssl3.h
+++ b/include/openssl/ssl3.h
@@ -256,11 +256,11 @@
     SSL3_RT_MAX_ENCRYPTED_OVERHEAD >= SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD,
     max_overheads_are_consistent);
 
+/* SSL3_RT_MAX_COMPRESSED_LENGTH is an alias for
+ * |SSL3_RT_MAX_PLAIN_LENGTH|. Compression is gone, so don't include the
+ * compression overhead. */
+#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
 
-/* If compression isn't used don't include the compression overhead */
-
-#define SSL3_RT_MAX_COMPRESSED_LENGTH \
-  (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_COMPRESSED_OVERHEAD)
 #define SSL3_RT_MAX_ENCRYPTED_LENGTH \
   (SSL3_RT_MAX_ENCRYPTED_OVERHEAD + SSL3_RT_MAX_COMPRESSED_LENGTH)
 #define SSL3_RT_MAX_PACKET_SIZE \