Prevent memory corruption due to server hello parsing.

Issue discovered by Joonas Kuorilehto of Codenomicon.
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-05-23 19:53:03 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-05-29 19:01:58 +0200
commit: e933e7d8bb32d7d0936510eba3120f94e15d9b97 (patch)
tree: 7c1784891a4bb7b26429cc45843e3957f0bdd416
parent: 7d20a9f3ed4bf8e945e3e205448147a9ea472dee (diff)
download: gnutls-e933e7d8bb32d7d0936510eba3120f94e15d9b97.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index c8bd18b9c5..53c21367ba 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1679,7 +1679,7 @@ _gnutls_read_server_hello (gnutls_session_t session,
   DECR_LEN (len, 1);
   session_id_len = data[pos++];
 
-  if (len < session_id_len)
+  if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
     {
       gnutls_assert ();
       return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2014-05-23 19:53:03 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2014-05-29 19:01:58 +0200
commit	e933e7d8bb32d7d0936510eba3120f94e15d9b97 (patch)
tree	7c1784891a4bb7b26429cc45843e3957f0bdd416
parent	7d20a9f3ed4bf8e945e3e205448147a9ea472dee (diff)
download	gnutls-e933e7d8bb32d7d0936510eba3120f94e15d9b97.tar.gz