From: Matt Caswell <matt@openssl.org>
Date: Mon, 13 Nov 2023 11:27:54 +0000 (+0000)
Subject: Correct tag len check when determining how much space we have in the pkt
X-Git-Tag: openssl-3.3.0-alpha1~612
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=46376fcf4b6d11ec417c2a530475037d4d09fcbf;p=thirdparty%2Fopenssl.git

Correct tag len check when determining how much space we have in the pkt

If the available space is equal to the tag length then we have no available
space for plaintext data.

Fixes #22699

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22715)
---

diff --git a/ssl/quic/quic_record_tx.c b/ssl/quic/quic_record_tx.c
index 4f86c68e177..c01abed0d66 100644
--- a/ssl/quic/quic_record_tx.c
+++ b/ssl/quic/quic_record_tx.c
@@ -422,7 +422,7 @@ int ossl_qtx_calculate_plaintext_payload_len(OSSL_QTX *qtx, uint32_t enc_level,
 
     tag_len = ossl_qrl_get_suite_cipher_tag_len(el->suite_id);
 
-    if (ciphertext_len < tag_len) {
+    if (ciphertext_len <= tag_len) {
         *plaintext_len = 0;
         return 0;
     }