Add sanity check to ssl_get_prev_session

Sanity check the |len| parameter to ensure it is positive. Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3 Solutions) for reporting this issue. Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-04-28 15:28:23 +0100
committer: Matt Caswell <matt@openssl.org> 2015-04-30 23:12:39 +0100
commit: cb0f400b0cea2d2943f99b1e89c04ff6ed748cd5 (patch)
tree: fd42bbb109132bccf101826d57c6e574f7dc9e90 /ssl/ssl_sess.c
parent: c427570e5098e120cbcb66e799f85c317aac7b91 (diff)
download: openssl-cb0f400b0cea2d2943f99b1e89c04ff6ed748cd5.zip
openssl-cb0f400b0cea2d2943f99b1e89c04ff6ed748cd5.tar.gz
openssl-cb0f400b0cea2d2943f99b1e89c04ff6ed748cd5.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index cec5905..34b6fac 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -439,7 +439,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
     int r;
 #endif
 
-    if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
+    if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
         goto err;
 
     if (session_id + len > limit) {
author	Matt Caswell <matt@openssl.org>	2015-04-28 15:28:23 +0100
committer	Matt Caswell <matt@openssl.org>	2015-04-30 23:12:39 +0100
commit	cb0f400b0cea2d2943f99b1e89c04ff6ed748cd5 (patch)
tree	fd42bbb109132bccf101826d57c6e574f7dc9e90 /ssl/ssl_sess.c
parent	c427570e5098e120cbcb66e799f85c317aac7b91 (diff)
download	openssl-cb0f400b0cea2d2943f99b1e89c04ff6ed748cd5.zip openssl-cb0f400b0cea2d2943f99b1e89c04ff6ed748cd5.tar.gz openssl-cb0f400b0cea2d2943f99b1e89c04ff6ed748cd5.tar.bz2