From fcf3745f1d03c4a97e87ef4341269c645fdda787 Mon Sep 17 00:00:00 2001
From: Valentin Popa
Date: Thu, 5 Jun 2014 11:50:11 +0300
Subject: [PATCH] CVE-2014-3466 Prevent memory corruption due to server hello parsing.
Upstream-Status: Backport
Signed-off-by: Valentin Popa
---
 lib/gnutls_handshake.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index e4a63e4..e652528 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1797,7 +1797,7 @@ _gnutls_read_server_hello (gnutls_session_t session,
 DECR_LEN (len, 1);
 session_id_len = data[pos++];
- if (len < session_id_len)
+ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
 {
 gnutls_assert ();
 return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
--
1.9.1
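Review bot: The added upper bound on `session_id_len` carries no comment explaining why it is needed, even though the value is a single byte taken straight from the peer's message (`data[pos++]`) and this `if` is the only visible validation before the rest of `_gnutls_read_server_hello` uses it; that later use is outside the hunk, so I am assuming it copies into storage sized by `TLS_MAX_SESSION_ID_SIZE`. I would put above the condition: `/* session_id_len is read from the peer; reject it if it exceeds the remaining data or TLS_MAX_SESSION_ID_SIZE */`. The branch still returns `GNUTLS_E_UNSUPPORTED_VERSION_PACKET`, which mislabels an oversized session ID in logs; if no caller depends on that code, `GNUTLS_E_UNEXPECTED_PACKET_LENGTH` would make the rejection easier to triage. A regression test that expects a handshake error for a ServerHello whose session ID length exceeds `TLS_MAX_SESSION_ID_SIZE` would stop this backport from being dropped silently on a later rebase.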