Add sanity check to ssl_get_prev_session

Sanity check the |len| parameter to ensure it is positive. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-04-28 15:28:23 +01:00 · 2015-04-28 15:28:23 +01:00 · cb0f400b0c
commit cb0f400b0c
parent c427570e50
1 changed files with 1 additions and 1 deletions
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@ -439,7 +439,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
    int r;
 #endif

-    if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
+    if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
        goto err;

    if (session_id + len > limit) {