OpenSSL Security Advisory [30 July 2002]

Changes marked "(CHATS)" were sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537. Submitted by: Reviewed by: PR:
author: Lutz Jänicke <jaenicke@openssl.org> 2002-07-30 11:21:19 +0000
committer: Lutz Jänicke <jaenicke@openssl.org> 2002-07-30 11:21:19 +0000
commit: bca9dc2a519e0e2c5a62136a109d18d2a71123b2 (patch)
tree: a88cad7eef543cb8f8c6831f406137f54e276332 /ssl/ssl_asn1.c
parent: 3720ea24f0faa6cee6be5017e5985b47c66374f0 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index b1c2d17153..1638c6b525 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -62,6 +62,7 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "cryptlib.h"
 
 typedef struct ssl_session_asn1_st
 	{
@@ -296,6 +297,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
 		os.length=i;
 
 	ret->session_id_length=os.length;
+	die(os.length <= sizeof ret->session_id);
 	memcpy(ret->session_id,os.data,os.length);
 
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
author	Lutz Jänicke <jaenicke@openssl.org>	2002-07-30 11:21:19 +0000
committer	Lutz Jänicke <jaenicke@openssl.org>	2002-07-30 11:21:19 +0000
commit	bca9dc2a519e0e2c5a62136a109d18d2a71123b2 (patch)
tree	a88cad7eef543cb8f8c6831f406137f54e276332 /ssl/ssl_asn1.c
parent	3720ea24f0faa6cee6be5017e5985b47c66374f0 (diff)