[MINOR] config: fix too large ssl-hello-check message.

As reported by Cyril Bonté and Hervé Commowick, the ssl-hello-check
should use sizeof()-1 and not sizeof() for the message length.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 4036e29b55996ea2fe92b66b7a403a9329e4105a..a30a88766e5d7b5f8926712fcd93b90b460ff843 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -4817,9 +4817,9 @@ out_uri_auth_compat:
                }
 
                if (curproxy->options & PR_O_SSL3_CHK) {
-                       curproxy->check_len = sizeof(sslv3_client_hello_pkt);
-                       curproxy->check_req = (char *)malloc(sizeof(sslv3_client_hello_pkt));
-                       memcpy(curproxy->check_req, sslv3_client_hello_pkt, sizeof(sslv3_client_hello_pkt));
+                       curproxy->check_len = sizeof(sslv3_client_hello_pkt) - 1;
+                       curproxy->check_req = (char *)malloc(curproxy->check_len);
+                       memcpy(curproxy->check_req, sslv3_client_hello_pkt, curproxy->check_len);
                }
 
                /* The small pools required for the capture lists */