Commit cb0f400b authored Apr 28, 2015 by Matt Caswell

Add sanity check to ssl_get_prev_session



Sanity check the |len| parameter to ensure it is positive. Thanks to Kevin
Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for
reporting this issue.

Reviewed-by: Andy Polyakov <appro@openssl.org>

parent c427570e

ssl/ssl_sess.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -439,7 +439,7 @@ int ssl_get_prev_session(SSL s, unsigned char session_id, int len,
		int r;
		#endif

		if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
		if (len < 0 \|\| len > SSL_MAX_SSL_SESSION_ID_LENGTH)
		goto err;

		if (session_id + len > limit) {