author | Alessandro Ghedini <alessandro@ghedini.me> | 2015-10-08 19:56:03 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-01-19 15:53:23 +0000 |
commit | 293b5ca47767005e0341b450eef82633f48359f3 (patch) | |
tree | aa280d8d9e3af25059d17ec73848cd1c243594e2 /ssl/ssl_sess.c | |
parent | aa291c62a7c227d94073c8cd4ce81aa6950d72d7 (diff) |
Validate ClientHello session_id field length and send alert on failure
RT#4080
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/ssl_sess.c')
-rw-r--r-- | ssl/ssl_sess.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 09d0193f06..3010bc4d57 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -529,12 +529,8 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id)
 int fatal = 0;
 int try_session_cache = 1;
 int r;
- size_t len = PACKET_remaining(session_id);
- if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
- goto err;
-
- if (len == 0)
+ if (PACKET_remaining(session_id) == 0)
 try_session_cache = 0;
 /* sets s->tlsext_ticket_expected and extended master secret flag */ |
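Review bot: With the `len > SSL_MAX_SSL_SESSION_ID_LENGTH` check removed, ssl_get_prev_session no longer bounds the session_id length itself and depends on its caller having done so. The caller-side validation named in the commit title is not visible here, because this view is limited to ssl/ssl_sess.c. The rest of the function lies outside the hunk, so any later use of session_id that assumes the bound now rests on that unseen check. I would record the precondition above the remaining test, e.g. `/* caller has verified PACKET_remaining(session_id) <= SSL_MAX_SSL_SESSION_ID_LENGTH */`, so that a future call site does not pass an unchecked PACKET.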