blob: dd118f599a98f6308191e3b0248e17a6578a7cea (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
From fcf3745f1d03c4a97e87ef4341269c645fdda787 Mon Sep 17 00:00:00 2001
From: Valentin Popa <valentin.popa@intel.com>
Date: Thu, 5 Jun 2014 11:50:11 +0300
Subject: [PATCH] CVE-2014-3466
Prevent memory corruption due to server hello parsing.
Upstream-Status: Backport
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
---
lib/gnutls_handshake.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index e4a63e4..e652528 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1797,7 +1797,7 @@ _gnutls_read_server_hello (gnutls_session_t session,
DECR_LEN (len, 1);
session_id_len = data[pos++];
- if (len < session_id_len)
+ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
{
gnutls_assert ();
return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
--
1.9.1
|
