From 4fada510fabc703d0ae697a77732335a8da6e6fd Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 3 May 2018 15:13:13 +0200
Subject: encrypt_packet_tls13: made size check safer

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/cipher.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/cipher.c b/lib/cipher.c
index 205940ffbc..a2215bc1ee 100644
--- a/lib/cipher.c
+++ b/lib/cipher.c
@@ -459,7 +459,7 @@ encrypt_packet_tls13(gnutls_session_t session,
 
 	/* check whether padding would exceed max */
 	if (fdata_size > max) {
-		if (unlikely(max-plain->size-1 < 0))
+		if (unlikely(max < (ssize_t)plain->size+1))
 			return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
 
 		min_pad = max - plain->size - 1;
-- 
cgit v1.2.1