From 7e0bf487c39571d8fd228a2802f544ac11faa481 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Thu, 16 Jan 2020 12:55:24 +0000
Subject: [PATCH] [Minor] Check string length to avoid OOB reading

---
 src/libutil/ssl_util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libutil/ssl_util.c b/src/libutil/ssl_util.c
index f2898d592..c43ace454 100644
--- a/src/libutil/ssl_util.c
+++ b/src/libutil/ssl_util.c
@@ -401,7 +401,7 @@ rspamd_tls_set_error (gint retcode, const gchar *stage, GError **err)
 
 		err_code = last_err;
 
-		if (reason->str[reason->len - 1] == ',') {
+		if (reason->len > 0 && reason->str[reason->len - 1] == ',') {
 			reason->str[reason->len - 1] = '\0';
 			reason->len --;
 		}
-- 
2.39.5