From 97d8ce91f4ebbbbf8172f6995df967d24481fd50 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Fri, 23 May 2014 19:50:31 +0200
Subject: Prevent memory corruption due to server hello parsing.

Issue discovered by Joonas Kuorilehto of Codenomicon.
---
 lib/gnutls_handshake.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index e5279bee5b..d10144dd72 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1747,7 +1747,7 @@ _gnutls_read_server_hello(gnutls_session_t session,
 DECR_LEN(len, 1);
 session_id_len = data[pos++];
- if (len < session_id_len) {
+ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) {
 gnutls_assert();
 return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
 }
--
cgit v1.2.1
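Review bot: The added `session_id_len > TLS_MAX_SESSION_ID_SIZE` bound has no comment saying which storage it protects, and the rejection still returns `GNUTLS_E_UNSUPPORTED_VERSION_PACKET`, which anyone triaging logs will read as a version mismatch rather than a malformed length field. `session_id_len` is a single byte read straight from the peer's message (`data[pos++]`), so it is peer-controlled; the copy this check guards is outside the hunk, presumably into a fixed session-ID buffer of that size. I would add `/* session_id_len is peer-controlled; it must fit the fixed-size session ID storage used below */` above the `if`, and consider returning `GNUTLS_E_UNEXPECTED_PACKET_LENGTH` for the oversize case. The diffstat shows only this file changed, so a regression test that parses a server hello whose session ID length exceeds `TLS_MAX_SESSION_ID_SIZE` and expects a clean error would be worth adding with the fix. `_gnutls_read_server_hello` begins and ends outside the hunk.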