File CVE-2014-3466.patch of Package gnutls.3982

Index: gnutls-3.2.4/lib/gnutls_handshake.c
===================================================================
--- gnutls-3.2.4.orig/lib/gnutls_handshake.c
+++ gnutls-3.2.4/lib/gnutls_handshake.c
@@ -1741,7 +1741,7 @@ _gnutls_read_server_hello (gnutls_sessio
   DECR_LEN (len, 1);
   session_id_len = data[pos++];
 
-  if (len < session_id_len)
+	if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
     {
       gnutls_assert ();
       return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;

Places

File CVE-2014-3466.patch of Package gnutls.3982

Places