Fix array bounds violation in ssl_session_dup Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6353)

commit: 1bb829300a9a941b75e8d5ae6ea8f53b3845ac4c [log] [tgz]
author: Bernd Edlinger <bernd.edlinger@hotmail.de> Fri May 25 08:06:55 2018 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> Fri May 25 08:06:55 2018 +0200
tree: 71d52b32bca5e0bc1d4fd828abcf6d2c9def5597
parent: a0abb6a10f4c5fc6dd20c487aa0db085fbfb3562 [diff]
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 541f82a..52ec670 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c

@@ -204,7 +204,8 @@
     if (src->ext.supportedgroups) {
         dest->ext.supportedgroups =
             OPENSSL_memdup(src->ext.supportedgroups,
-                           src->ext.supportedgroups_len);
+                           src->ext.supportedgroups_len
+                                * sizeof(*src->ext.supportedgroups));
         if (dest->ext.supportedgroups == NULL)
             goto err;
     }
commit	1bb829300a9a941b75e8d5ae6ea8f53b3845ac4c	[log] [tgz]
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	Fri May 25 08:06:55 2018 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	Fri May 25 08:06:55 2018 +0200
tree	71d52b32bca5e0bc1d4fd828abcf6d2c9def5597
parent	a0abb6a10f4c5fc6dd20c487aa0db085fbfb3562 [diff]