From bc1fde3206c836226ec196d7772847b84a2cefed Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Sun, 10 May 2015 01:48:09 -0400
Subject: [PATCH] Check max_out against in_len, not plaintext_len in RC4/MD5
 AEAD.

Like the non-stitched variant, this "AEAD" uses the output buffer as
scratch space for the MAC. Thus it should require that max_out_len is
large enough to fit that, even though it will never return that large of
input.

Change-Id: I5b30b0756408c2e433448f540e7c65251336d2f8
Reviewed-on: https://boringssl-review.googlesource.com/4704
Reviewed-by: Adam Langley <agl@google.com>
---
 crypto/cipher/e_rc4.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/cipher/e_rc4.c b/crypto/cipher/e_rc4.c
index 8a89a971..80dea362 100644
--- a/crypto/cipher/e_rc4.c
+++ b/crypto/cipher/e_rc4.c
@@ -299,7 +299,9 @@ static int aead_rc4_md5_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
     return 0;
   }
 
-  if (max_out_len < plaintext_len) {
+  if (max_out_len < in_len) {
+    /* This requires that the caller provide space for the MAC, even though it
+     * will always be removed on return. */
     OPENSSL_PUT_ERROR(CIPHER, aead_rc4_md5_tls_open, CIPHER_R_BUFFER_TOO_SMALL);
     return 0;
   }