diff options
-rw-r--r-- | src/openvpn/ssl_openssl.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 645ccf5..73c07e3 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -352,7 +352,8 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) } /* Make sure new cipher name fits in cipher string */ - if (((sizeof(openssl_ciphers)-1) - openssl_ciphers_len) < current_cipher_len) + if ((SIZE_MAX - openssl_ciphers_len) < current_cipher_len + || ((sizeof(openssl_ciphers)-1) < openssl_ciphers_len + current_cipher_len)) { msg(M_FATAL, "Failed to set restricted TLS cipher list, too long (>%d).", |