Add sanity check to ssl_get_prev_session

Sanity check the |len| parameter to ensure it is positive. Thanks to Kevin
Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for
reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit cb0f400b0c)
Matt Caswell 2015-04-28 15:28:23 +01:00
parent 75862f7741
commit 9c5efc9c65

@ -449,7 +449,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
int r; int r;
#endif #endif
if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
goto err; goto err;
if (session_id + len > limit) { if (session_id + len > limit) {
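
Review bot: The changed condition `if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)` has no comment explaining why a negative value matters. `len` is a signed `int` in the signature, and a negative value would pass the old upper-bound test and then be used in `session_id + len` on the next check. A one-line comment saying that would stop the `len < 0` test from looking redundant to a later reader. Separately, the unchanged context line `if (session_id + len > limit)` forms the pointer before comparing it. Consider writing it as `len > limit - session_id` so the bounds check does not depend on arithmetic that may already point past the buffer.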