[openssl-commits] [openssl] master update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Fri May 25 10:27:31 UTC 2018


The branch master has been updated
       via  1bb829300a9a941b75e8d5ae6ea8f53b3845ac4c (commit)
      from  a0abb6a10f4c5fc6dd20c487aa0db085fbfb3562 (commit)


- Log -----------------------------------------------------------------
commit 1bb829300a9a941b75e8d5ae6ea8f53b3845ac4c
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Fri May 25 08:06:55 2018 +0200

    Fix array bounds violation in ssl_session_dup
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6353)

-----------------------------------------------------------------------

Summary of changes:
 ssl/ssl_sess.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 541f82a..52ec670 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -204,7 +204,8 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
     if (src->ext.supportedgroups) {
         dest->ext.supportedgroups =
             OPENSSL_memdup(src->ext.supportedgroups,
-                           src->ext.supportedgroups_len);
+                           src->ext.supportedgroups_len
+                                * sizeof(*src->ext.supportedgroups));
         if (dest->ext.supportedgroups == NULL)
             goto err;
     }


More information about the openssl-commits mailing list