Prevent memory corruption due to server hello parsing.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 23 May 2014 17:50:31 +0000 (19:50 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Thu, 29 May 2014 17:00:01 +0000 (19:00 +0200)
Issue discovered by Joonas Kuorilehto of Codenomicon.

lib/gnutls_handshake.c

index 3316ff158afc8a8afb6118e032c8e51994f94b84..3765efd197d70f78e89af0cecf7b777069ce6b56 100644 (file)
@@ -1751,7 +1751,7 @@ read_server_hello(gnutls_session_t session,
        DECR_LEN(len, 1);
        session_id_len = data[pos++];
 
-       if (len < session_id_len) {
+       if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) {
                gnutls_assert();
                return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
        }
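Review bot: The new upper bound on `session_id_len` carries no comment saying why it exists, and the branch still returns `GNUTLS_E_UNSUPPORTED_VERSION_PACKET`, which reports an oversized session ID as a version problem. A comment above the check such as `/* session_id_len is peer-controlled; reject anything larger than the fixed session-ID storage before it is used as a copy length */` would stop the bound being dropped in a later cleanup. The copy itself is outside this hunk, so that it targets a buffer of TLS_MAX_SESSION_ID_SIZE bytes is inferred from the commit title rather than visible here. If no caller depends on the current code, `return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;` would make logs describe the real condition. No regression test feeding a ServerHello with an over-long session ID is visible in this commit, and read_server_hello begins and continues outside the hunk.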