Add sanity check to ssl_get_prev_session

Sanity check the |len| parameter to ensure it is positive. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org> (cherry picked from commit cb0f400b0cea2d2943f99b1e89c04ff6ed748cd5)
2015-04-28 15:28:23 +01:00 · 2015-04-28 15:28:23 +01:00 · 9c5efc9c65
commit 9c5efc9c65
parent 75862f7741
1 changed files with 1 additions and 1 deletions
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@ -449,7 +449,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
    int r;
 #endif

-    if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
+    if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
        goto err;

    if (session_id + len > limit) {