From cb0f400b0cea2d2943f99b1e89c04ff6ed748cd5 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 28 Apr 2015 15:28:23 +0100 Subject: [PATCH] Add sanity check to ssl_get_prev_session Sanity check the |len| parameter to ensure it is positive. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov --- ssl/ssl_sess.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index cec5905291..34b6fac2bc 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -439,7 +439,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, int r; #endif - if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) + if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH) goto err; if (session_id + len > limit) { -- 2.40.0