From 9586acb560f9fd0bd3e326d9162a81db132cc09e Mon Sep 17 00:00:00 2001
From: Andy Green <andy@warmcat.com>
Date: Wed, 4 Apr 2018 10:42:52 +0800
Subject: [PATCH] Coverity 189189: client: new openssl alpn handling off-by-one

---
 lib/tls/openssl/openssl-client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c
index febb3c30..7317b437 100644
--- a/lib/tls/openssl/openssl-client.c
+++ b/lib/tls/openssl/openssl-client.c
@@ -240,7 +240,7 @@ lws_tls_client_connect(struct lws *wsi)
 #if defined(LWS_HAVE_SSL_set_alpn_protos) && defined(LWS_HAVE_SSL_get0_alpn_selected)
 		SSL_get0_alpn_selected(wsi->ssl, &prot, &len);
 
-		if (len > sizeof(a))
+		if (len >= sizeof(a))
 			len = sizeof(a) - 1;
 		memcpy(a, (const char *)prot, len);
 		a[len] = '\0';