From c046fffa16cd55c972f71c49051b8ce6b83eed7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lutz=20J=C3=A4nicke?= <jaenicke@openssl.org>
Date: Tue, 30 Jul 2002 13:04:04 +0000
Subject: OpenSSL Security Advisory [30 July 2002]

Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
---
 ssl/ssl_sess.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'ssl/ssl_sess.c')

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 6424f775e2..8bfc382bb6 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -60,6 +60,7 @@
 #include <openssl/lhash.h>
 #include <openssl/rand.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -250,6 +251,7 @@ int ssl_get_new_session(SSL *s, int session)
 		ss->session_id_length=0;
 		}
 
+	die(s->sid_ctx_length <= sizeof ss->sid_ctx);
 	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
 	ss->sid_ctx_length=s->sid_ctx_length;
 	s->session=ss;
-- 
cgit v1.2.3