goto err;
}
session_id_len = PACKET_remaining(&session_id);
- if (session_id_len > sizeof s->session->session_id
+ if (session_id_len > sizeof(s->session->session_id)
|| session_id_len > SSL3_SESSION_ID_SIZE) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_F_TLS_PROCESS_SERVER_HELLO,