From db1c857c07cb24153ba62a54c9ed95b7adb0b363 Mon Sep 17 00:00:00 2001
From: Andrew Dinh <andrewd@openssl.org>
Date: Wed, 1 Jan 2025 19:46:06 -0800
Subject: [PATCH] Fix MARSHALLED_TOKEN_MAX_LEN

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26333)
---
 ssl/quic/quic_port.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index 6185005aecb..d477f64b1cb 100644
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -82,7 +82,7 @@ typedef struct validation_token {
  *   maximally sized AF_UNIX socket)
  * - is_retry is a single byte
  */
-#define MARSHALLED_TOKEN_MAX_LEN 197
+#define MARSHALLED_TOKEN_MAX_LEN 169
 
 /*
  * Maximum length of an encrypted marshalled validation token.
@@ -760,7 +760,7 @@ static int generate_retry_token(BIO_ADDR *peer, QUIC_CONN_ID odcid,
  * @brief Marshals a validation token into a new buffer.
  *
  * |buffer| should already be allocated and at least MARSHALLED_TOKEN_MAX_LEN
- * bytes long. Stores the actual data stored in |buffer| in |buffer_len|.
+ * bytes long. Stores the length of data stored in |buffer| in |buffer_len|.
  *
  * @param token      Validation token.
  * @param buffer     Address to store the marshalled token.
-- 
2.47.2