projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
Fix ssl_get_prev_session overrun
[openssl.git]
/
ssl
/
ssl_sess.c
diff --git
a/ssl/ssl_sess.c
b/ssl/ssl_sess.c
index a213ea90dfe927cdc27b1bd3153a78773d301b60..3d0f95090df482941a6c736d53fe0c2a32176e0b 100644
(file)
--- a/
ssl/ssl_sess.c
+++ b/
ssl/ssl_sess.c
@@
-442,6
+442,11
@@
int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
goto err;
+ if (session_id + len > limit) {
+ fatal = 1;
+ goto err;
+ }
+
if (len == 0)
try_session_cache = 0;