From 9c5efc9c65be2d29fd01c02bba081b72ba025453 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 28 Apr 2015 15:28:23 +0100 Subject: [PATCH] Add sanity check to ssl_get_prev_session Sanity check the |len| parameter to ensure it is positive. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov (cherry picked from commit cb0f400b0cea2d2943f99b1e89c04ff6ed748cd5) --- ssl/ssl_sess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index dce90887bb..8b9945b475 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -449,7 +449,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, int r; #endif - if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) + if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH) goto err; if (session_id + len > limit) {