Prevent memory corruption due to server hello parsing.

Issue discovered by Joonas Kuorilehto of Codenomicon.
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-05-23 19:50:31 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-05-29 19:00:01 +0200
commit: 688ea6428a432c39203d00acd1af0e7684e5ddfd (patch)
tree: c49df1bd1e4d46c64bf5587a31571532e77e740d /lib/gnutls_handshake.c
parent: 1375d4e6d7bb969bf6c91ad78be41698073070f3 (diff)
download: gnutls-688ea6428a432c39203d00acd1af0e7684e5ddfd.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 3316ff158a..3765efd197 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1751,7 +1751,7 @@ read_server_hello(gnutls_session_t session,
 	DECR_LEN(len, 1);
 	session_id_len = data[pos++];
 
-	if (len < session_id_len) {
+	if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) {
 		gnutls_assert();
 		return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
 	}
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2014-05-23 19:50:31 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2014-05-29 19:00:01 +0200
commit	688ea6428a432c39203d00acd1af0e7684e5ddfd (patch)
tree	c49df1bd1e4d46c64bf5587a31571532e77e740d /lib/gnutls_handshake.c
parent	1375d4e6d7bb969bf6c91ad78be41698073070f3 (diff)
download	gnutls-688ea6428a432c39203d00acd1af0e7684e5ddfd.tar.gz