From: Alban Crequy Date: Mon, 7 Nov 2011 18:51:27 +0000 (+0000) Subject: gnutls_session_get_data: fix possible buffer overflow X-Git-Tag: gnutls_3_0_6~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c;p=thirdparty%2Fgnutls.git gnutls_session_get_data: fix possible buffer overflow The test to avoid the buffer overflow was always false because session_data_size was set at the wrong place. This problem has been introduced by this commit: |commit ad4ed44c65e753e6d3a00104c049dd81826ccbf3 |Author: Nikos Mavrogiannopoulos |Date: Mon Nov 7 22:24:48 2005 +0000 | | This is the initial commit in the 1.3 branch. Ported from the PSK branch: | * PSK ciphersuites have been added. | * The session resumption data are now system independent. Signed-off-by: Nikos Mavrogiannopoulos --- diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c index 8028d5a4f8..418a2ba16e 100644 --- a/lib/gnutls_session.c +++ b/lib/gnutls_session.c @@ -63,13 +63,13 @@ gnutls_session_get_data (gnutls_session_t session, gnutls_assert (); return ret; } - *session_data_size = psession.size; if (psession.size > *session_data_size) { ret = GNUTLS_E_SHORT_MEMORY_BUFFER; goto error; } + *session_data_size = psession.size; if (session_data != NULL) memcpy (session_data, psession.data, psession.size);