From ce1cfe169a03fa7595ba54323ec975d34249f7c3 Mon Sep 17 00:00:00 2001
From: Adam Langley <agl@chromium.org>
Date: Fri, 20 Jun 2014 12:00:00 -0700
Subject: [PATCH] Allocate extra space when NETSCAPE_HANG_BUG defined.

Make sure there is an extra 4 bytes for server done message when
NETSCAPE_HANG_BUG is defined.

PR#3361

(Imported from upstream's 856a4585d6f7a856b90c93792cf1c1ed968d4a4b)
---
 ssl/s3_srvr.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 046f7b77..0147967e 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2088,6 +2088,11 @@ int ssl3_send_certificate_request(SSL *s)
 #ifdef NETSCAPE_HANG_BUG
 		if (!SSL_IS_DTLS(s))
 			{
+			if (!BUF_MEM_grow_clean(buf, s->init_num + 4))
+				{
+				OPENSSL_PUT_ERROR(SSL, ssl3_send_certificate_request, ERR_R_BUF_LIB);
+				goto err;
+				}
 			p=(unsigned char *)s->init_buf->data + s->init_num;
 			/* do the header */
 			*(p++)=SSL3_MT_SERVER_DONE;