From 3b5e537f081b778e6d6159cac880d49e4778acb5 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Fri, 21 Apr 2017 16:00:41 -0700
Subject: [PATCH] DTLS Multicast wolfSSL_set_secret() was checking the preMasterSz against the sizeof the preMasterSecret member of the Arrays structure. That member was changed to a pointer and allocated dynamically for the session write-duping. The comparison between the passed in size and the size of the parameter started failing. The check now uses the constant that is used for allocating the preMasterSecret member.
---
 src/ssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 498f0a65b..6680bc30f 100755
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -902,8 +902,8 @@ int wolfSSL_set_secret(WOLFSSL* ssl, word16 epoch,
 WOLFSSL_ENTER("wolfSSL_set_secret()");
- if (ssl == NULL || preMasterSecret == NULL || preMasterSz == 0 ||
- preMasterSz > sizeof(ssl->arrays->preMasterSecret) ||
+ if (ssl == NULL || preMasterSecret == NULL ||
+ preMasterSz == 0 || preMasterSz > ENCRYPT_LEN ||
 clientRandom == NULL || serverRandom == NULL || suite == NULL) {
 ret = BAD_FUNC_ARG;
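Review bot: The new bound `preMasterSz > ENCRYPT_LEN` is tied to the allocation of `ssl->arrays->preMasterSecret` only by convention, and the condition still never checks that `ssl->arrays` or the now heap-allocated `preMasterSecret` buffer exists. If the rest of wolfSSL_set_secret(), which continues outside this hunk, copies `preMasterSz` bytes into that buffer, a later change to the allocation size would leave this check passing lengths the buffer cannot hold, and a freed or never-allocated Arrays would be dereferenced. I would add `ssl->arrays == NULL || ssl->arrays->preMasterSecret == NULL ||` right after the `ssl == NULL ||` test, and put a comment on the bound such as `/* must equal the size used to allocate arrays->preMasterSecret */`.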