Prevent memory corruption due to server hello parsing.

Issue discovered by Joonas Kuorilehto of Codenomicon.
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-05-23 19:50:31 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-05-29 19:00:09 +0200
commit: 97d8ce91f4ebbbbf8172f6995df967d24481fd50 (patch)
tree: 6169ce7bd729fa5d97f995dc7ca12e7252e1911c
parent: f9448afc7f4108161de66649f8d62a04bf1d7cb7 (diff)
download: gnutls-97d8ce91f4ebbbbf8172f6995df967d24481fd50.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index e5279bee5b..d10144dd72 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1747,7 +1747,7 @@ _gnutls_read_server_hello(gnutls_session_t session,
 	DECR_LEN(len, 1);
 	session_id_len = data[pos++];
 
-	if (len < session_id_len) {
+	if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) {
 		gnutls_assert();
 		return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
 	}
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2014-05-23 19:50:31 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2014-05-29 19:00:09 +0200
commit	97d8ce91f4ebbbbf8172f6995df967d24481fd50 (patch)
tree	6169ce7bd729fa5d97f995dc7ca12e7252e1911c
parent	f9448afc7f4108161de66649f8d62a04bf1d7cb7 (diff)
download	gnutls-97d8ce91f4ebbbbf8172f6995df967d24481fd50.tar.gz