diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-05-23 19:50:31 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-05-29 19:00:09 +0200 |
commit | 97d8ce91f4ebbbbf8172f6995df967d24481fd50 (patch) | |
tree | 6169ce7bd729fa5d97f995dc7ca12e7252e1911c | |
parent | f9448afc7f4108161de66649f8d62a04bf1d7cb7 (diff) | |
download | gnutls-97d8ce91f4ebbbbf8172f6995df967d24481fd50.tar.gz |
Prevent memory corruption due to server hello parsing.
Issue discovered by Joonas Kuorilehto of Codenomicon.
-rw-r--r-- | lib/gnutls_handshake.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index e5279bee5b..d10144dd72 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -1747,7 +1747,7 @@ _gnutls_read_server_hello(gnutls_session_t session, DECR_LEN(len, 1); session_id_len = data[pos++]; - if (len < session_id_len) { + if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) { gnutls_assert(); return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; } |