From 137325dc71d066f671f06a0a47f65d4c0a1f8aa2 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Mon, 1 Feb 2010 16:38:17 +0100
Subject: [PATCH] [MINOR] config: fix too large ssl-hello-check message.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As reported by Cyril Bonté and Hervé Commowick, the ssl-hello-check
should use sizeof()-1 and not sizeof() for the message length.
---
 src/cfgparse.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 4036e29b5..a30a88766 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -4817,9 +4817,9 @@ out_uri_auth_compat:
 		}
 
 		if (curproxy->options & PR_O_SSL3_CHK) {
-			curproxy->check_len = sizeof(sslv3_client_hello_pkt);
-			curproxy->check_req = (char *)malloc(sizeof(sslv3_client_hello_pkt));
-			memcpy(curproxy->check_req, sslv3_client_hello_pkt, sizeof(sslv3_client_hello_pkt));
+			curproxy->check_len = sizeof(sslv3_client_hello_pkt) - 1;
+			curproxy->check_req = (char *)malloc(curproxy->check_len);
+			memcpy(curproxy->check_req, sslv3_client_hello_pkt, curproxy->check_len);
 		}
 
 		/* The small pools required for the capture lists */