Fix possible buffer overrun.

			const unsigned char *l1, size_t l1len,

			const unsigned char *l2, size_t l2len,

			int nmatch);

unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit, int *al);

unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit, int *al);

unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al);

unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al);

int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);

int ssl_check_clienthello_tlsext_late(SSL *s);

int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n);

	c->valid = 1;

	}

unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit, int *al)

unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al)

	{

	int extdatalen=0;

	unsigned char *ret = p;

	unsigned char *orig = buf;

	unsigned char *ret = buf;

#ifndef OPENSSL_NO_EC

	/* See if we support any ECC ciphersuites */

	int using_ecc = 0;

	/* don't add extensions for SSLv3 unless doing secure renegotiation */

	if (s->client_version == SSL3_VERSION

					&& !s->s3->send_connection_binding)

		return p;

		return orig;

	ret+=2;

              return NULL;

              }

          if((limit - p - 4 - el) < 0) return NULL;

          if((limit - ret - 4 - el) < 0) return NULL;

          s2n(TLSEXT_TYPE_renegotiate,ret);

          s2n(el,ret);

                ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);

                if((limit - p - 4 - el) < 0) return NULL;

                if((limit - ret - 4 - el) < 0) return NULL;

                s2n(TLSEXT_TYPE_use_srtp,ret);

                s2n(el,ret);

			}

		}

	if ((extdatalen = ret-p-2) == 0)

		return p;

	if ((extdatalen = ret-orig-2)== 0) 

		return orig;

	s2n(extdatalen,p);

	s2n(extdatalen, orig);

	return ret;

	}

unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit, int *al)

unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit, int *al)

	{

	int extdatalen=0;

	unsigned char *ret = p;

	unsigned char *orig = buf;

	unsigned char *ret = buf;

	size_t i;

	custom_srv_ext_record *record;

#ifndef OPENSSL_NO_NEXTPROTONEG

#endif

	/* don't add extensions for SSLv3, unless doing secure renegotiation */

	if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)

		return p;

		return orig;

	ret+=2;

	if (ret>=limit) return NULL; /* this really never occurs, but ... */

              return NULL;

              }

          if((limit - p - 4 - el) < 0) return NULL;

          if((limit - ret - 4 - el) < 0) return NULL;

          s2n(TLSEXT_TYPE_renegotiate,ret);

          s2n(el,ret);

                ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);

                if((limit - p - 4 - el) < 0) return NULL;

                if((limit - ret - 4 - el) < 0) return NULL;

                s2n(TLSEXT_TYPE_use_srtp,ret);

                s2n(el,ret);

		ret += len;

		}

	if ((extdatalen = ret-p-2)== 0) 

		return p;

	if ((extdatalen = ret-orig-2)== 0) 

		return orig;

	s2n(extdatalen,p);

	s2n(extdatalen, orig);

	return ret;

	}