projects
/
oweals
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
Fix ssl_get_prev_session overrun
[oweals/openssl.git]
/
ssl
/
ssl_sess.c
diff --git
a/ssl/ssl_sess.c
b/ssl/ssl_sess.c
index fb4e8c52598f4d3f7ffc7151d427c00dccdd0a48..4c7f5d8b4e32d3e09690e8f313d62ddd08cbc95b 100644
(file)
--- a/
ssl/ssl_sess.c
+++ b/
ssl/ssl_sess.c
@@
-481,6
+481,11
@@
int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
goto err;
+ if (session_id + len > limit) {
+ fatal = 1;
+ goto err;
+ }
+
if (len == 0)
try_session_cache = 0;