aboutsummaryrefslogtreecommitdiffstats
path: root/main/gnutls/CVE-2011-4128.patch
blob: 2e9c5f88a9a881646527d61365fe6f5a5abb18ff (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Description: Check buffer size passed in from caller prior to overwriting it
Origin: upstream, http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c
Origin: upstream, http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450

Index: gnutls26-2.10.5/lib/gnutls_session.c
===================================================================
--- gnutls26-2.10.5.orig/lib/gnutls_session.c	2010-08-01 15:37:30.000000000 -0500
+++ gnutls26-2.10.5/lib/gnutls_session.c	2012-04-04 03:25:20.382796666 -0500
@@ -65,13 +65,14 @@
       gnutls_assert ();
       return ret;
     }
-  *session_data_size = psession.size;
 
   if (psession.size > *session_data_size)
     {
+      *session_data_size = psession.size;
       ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
       goto error;
     }
+  *session_data_size = psession.size;
 
   if (session_data != NULL)
     memcpy (session_data, psession.data, psession.size);