From 8639578f583b9ecce07ee11d5f95343b131f2eb2 Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Wed, 30 May 2012 07:39:36 +0000
Subject: [PATCH]  - Correctly handle empty packets (Found by James Yonan)

---
 ChangeLog         | 1 +
 library/ssl_tls.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 35261b1145..ea4cf467a1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@ PolarSSL ChangeLog
 
 = Version 1.1.4 released on 2012-05-30
 Bugfix
+   * Correctly handle empty packets (Found by James Yonan)
    * Fixed potential heap corruption in x509_name allocation
    * Fixed single RSA test that failed on Big Endian systems (Closes ticket #54)
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 89333559b5..12929e770f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -785,7 +785,7 @@ static int ssl_decrypt_buf( ssl_context *ssl )
     /*
      * Always compute the MAC (RFC4346, CBCTIME).
      */
-    if( ssl->in_msglen <= ssl->maclen + padlen )
+    if( ssl->in_msglen < ssl->maclen + padlen )
     {
         SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
                     ssl->in_msglen, ssl->maclen, padlen ) );