From e5764c1a4b910c0eb4c83adba1de89b9b221bfc1 Mon Sep 17 00:00:00 2001
From: Wan-Teh Chang <wtc@google.com>
Date: Wed, 21 Aug 2013 18:57:20 -0700
Subject: Bug 734007: sizeof(SSL3_MASTER_SECRET_LENGTH) was incorrectly used in
 ssl3_ServerHandleSessionTicketXtn. r=sleevi.

---
 lib/ssl/ssl3ext.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
index f6e9e2b78..616ca4c6f 100644
--- a/lib/ssl/ssl3ext.c
+++ b/lib/ssl/ssl3ext.c
@@ -1411,7 +1411,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
 	    goto no_ticket;
 	
 	/* Allow for the wrapped master secret to be longer. */
-	if (buffer_len < sizeof(SSL3_MASTER_SECRET_LENGTH))
+	if (buffer_len < parsed_session_ticket->ms_length)
 	    goto no_ticket;
 	PORT_Memcpy(parsed_session_ticket->master_secret, buffer,
 	    parsed_session_ticket->ms_length);
-- 
cgit v1.2.1