diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-05-23 19:53:03 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-05-29 19:01:58 +0200 |
commit | e933e7d8bb32d7d0936510eba3120f94e15d9b97 (patch) | |
tree | 7c1784891a4bb7b26429cc45843e3957f0bdd416 | |
parent | 7d20a9f3ed4bf8e945e3e205448147a9ea472dee (diff) | |
download | gnutls-e933e7d8bb32d7d0936510eba3120f94e15d9b97.tar.gz |
Prevent memory corruption due to server hello parsing.
Issue discovered by Joonas Kuorilehto of Codenomicon.
-rw-r--r-- | lib/gnutls_handshake.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index c8bd18b9c5..53c21367ba 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -1679,7 +1679,7 @@ _gnutls_read_server_hello (gnutls_session_t session, DECR_LEN (len, 1); session_id_len = data[pos++]; - if (len < session_id_len) + if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) { gnutls_assert (); return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; |