From c54a116b266c232d9e0ffad482eb5f8b98130ac4 Mon Sep 17 00:00:00 2001
From: markus <>
Date: Tue, 30 Jul 2002 11:08:06 +0000
Subject: apply patches from OpenSSL Security Advisory [30 July 2002],
 http://marc.theaimsgroup.com/?l=openssl-dev&m=102802395104110&w=2

---
 src/lib/libssl/s3_clnt.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/lib/libssl/s3_clnt.c')

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index e5853ede95..b6be748932 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -545,6 +545,7 @@ static int ssl3_client_hello(SSL *s)
 		*(p++)=i;
 		if (i != 0)
 			{
+			die(i <= sizeof s->session->session_id);
 			memcpy(p,s->session->session_id,i);
 			p+=i;
 			}
@@ -626,6 +627,14 @@ static int ssl3_get_server_hello(SSL *s)
 	/* get the session-id */
 	j= *(p++);
 
+       if(j > sizeof s->session->session_id)
+               {
+               al=SSL_AD_ILLEGAL_PARAMETER;
+               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+                      SSL_R_SSL3_SESSION_ID_TOO_LONG);
+               goto f_err;
+               }
+
 	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
 		{
 		/* SSLref returns 16 :-( */
-- 
cgit v1.2.3-55-g6feb