Skip to content
Commit 40f26ac7 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix ssl_get_prev_session overrun



If OpenSSL is configured with no-tlsext then ssl_get_prev_session can read
past the end of the ClientHello message if the session_id length in the
ClientHello is invalid. This should not cause any security issues since the
underlying buffer is 16k in size. It should never be possible to overrun by
that many bytes.

This is probably made redundant by the previous commit - but you can never be
too careful.

With thanks to Qinghao Tang for reporting this issue.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(cherry picked from commit 5e0a80c1)
parent 89c27202
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment