OpenSSL Security Advisory [30 July 2002] Changes marked "(CHATS)" were sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537.

commit: c046fffa16cd55c972f71c49051b8ce6b83eed7f [log] [tgz]
author: Lutz Jänicke <jaenicke@openssl.org> Tue Jul 30 13:04:04 2002 +0000
committer: Lutz Jänicke <jaenicke@openssl.org> Tue Jul 30 13:04:04 2002 +0000
tree: f88e3f90a37215466511661e101da6882f8c0836
parent: 3aecef76973dbea037ec4e1ceba7ec1bd3fb683a [diff] [blame]
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index b1c2d17..1638c6b 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c

@@ -62,6 +62,7 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include "cryptlib.h"
 
 typedef struct ssl_session_asn1_st
 	{
@@ -296,6 +297,7 @@
 		os.length=i;
 
 	ret->session_id_length=os.length;
+	die(os.length <= sizeof ret->session_id);
 	memcpy(ret->session_id,os.data,os.length);
 
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
commit	c046fffa16cd55c972f71c49051b8ce6b83eed7f	[log] [tgz]
author	Lutz Jänicke <jaenicke@openssl.org>	Tue Jul 30 13:04:04 2002 +0000
committer	Lutz Jänicke <jaenicke@openssl.org>	Tue Jul 30 13:04:04 2002 +0000
tree	f88e3f90a37215466511661e101da6882f8c0836
parent	3aecef76973dbea037ec4e1ceba7ec1bd3fb683a [diff] [blame]