From a30439a7f94d8a3e4dc974bfc6e24817ee79f9a0 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 6 Apr 2022 23:34:36 +0200
Subject: [PATCH] Fix off-by-one in buffer_size usage

The added null byte was accounted for twice, once by taking opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1 when filling the buffer. Make opt.buffer_size the size that is actually read, it's less confusing that way.

Signed-off-by: Gilles Peskine
---
 programs/ssl/ssl_server2.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4b1b6dffd..2b4d8e1a9 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3464,7 +3464,7 @@ data_exchange:
 do
 {
 int terminated = 0;
- len = opt.buffer_size - 1;
+ len = opt.buffer_size;
 memset( buf, 0, opt.buffer_size );
 ret = mbedtls_ssl_read( &ssl, buf, len );
@@ -3565,7 +3565,7 @@ data_exchange:
 }
 else /* Not stream, so datagram */
 {
- len = opt.buffer_size - 1;
+ len = opt.buffer_size;
 memset( buf, 0, opt.buffer_size );
 do
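Review bot: With `len = opt.buffer_size`, a full-length read overwrites every byte that the following `memset( buf, 0, opt.buffer_size )` cleared, so termination of the received data now rests entirely on the extra byte at `buf[opt.buffer_size]`, which neither hunk zeroes. The commit message says the buffer is allocated with opt.buffer_size+1 bytes, but that allocation and any later `buf[len] = '\0'` lie outside both hunks, so the invariant cannot be confirmed from here. I would either clear the whole allocation with `memset( buf, 0, opt.buffer_size + 1 );` or add a comment at the assignment such as `/* buf holds opt.buffer_size + 1 bytes; the last one is reserved for the terminator */`. The same applies to the datagram branch in the second hunk (@@ -3565).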