From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri, 25 May 2018 06:06:55 +0000 (+0200)
Subject: Fix array bounds violation in ssl_session_dup
X-Git-Tag: OpenSSL_1_1_1-pre7~11
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=1bb829300a9a941b75e8d5ae6ea8f53b3845ac4c;hp=a0abb6a10f4c5fc6dd20c487aa0db085fbfb3562

Fix array bounds violation in ssl_session_dup

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6353)
---

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 541f82a851..52ec670787 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -204,7 +204,8 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
     if (src->ext.supportedgroups) {
         dest->ext.supportedgroups =
             OPENSSL_memdup(src->ext.supportedgroups,
-                           src->ext.supportedgroups_len);
+                           src->ext.supportedgroups_len
+                                * sizeof(*src->ext.supportedgroups));
         if (dest->ext.supportedgroups == NULL)
             goto err;
     }