OpenSSL Security Advisory [30 July 2002]

Changes marked "(CHATS)" were sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.
author: Lutz Jänicke <jaenicke@openssl.org> 2002-07-30 13:04:04 +0000
committer: Lutz Jänicke <jaenicke@openssl.org> 2002-07-30 13:04:04 +0000
commit: c046fffa16cd55c972f71c49051b8ce6b83eed7f (patch)
tree: f88e3f90a37215466511661e101da6882f8c0836 /ssl/ssl_asn1.c
parent: 3aecef76973dbea037ec4e1ceba7ec1bd3fb683a (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index b1c2d17153..1638c6b525 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -62,6 +62,7 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "cryptlib.h"
 
 typedef struct ssl_session_asn1_st
 	{
@@ -296,6 +297,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
 		os.length=i;
 
 	ret->session_id_length=os.length;
+	die(os.length <= sizeof ret->session_id);
 	memcpy(ret->session_id,os.data,os.length);
 
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
author	Lutz Jänicke <jaenicke@openssl.org>	2002-07-30 13:04:04 +0000
committer	Lutz Jänicke <jaenicke@openssl.org>	2002-07-30 13:04:04 +0000
commit	c046fffa16cd55c972f71c49051b8ce6b83eed7f (patch)
tree	f88e3f90a37215466511661e101da6882f8c0836 /ssl/ssl_asn1.c
parent	3aecef76973dbea037ec4e1ceba7ec1bd3fb683a (diff)