Technical Analysis Of The GnuTLS Hello Vulnerability

This past Friday I checked out the gnutls repository and noticed a commit done two weeks ago:

2014-05-23 19:50 Nikos Mavrogiannopoulos <[email protected]> Prevent memory corruption due to server hello parsing.

The patch adds a second check to verify the boundary of the session id size.

- if (len < session_id_len) {
+ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) {

The memory corruption keywords triggered my attention, and just 6 days later there's another funny commit:
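Review bot: the original condition `if (len < session_id_len)` only proves that the declared session id length fits in the bytes still unread, which a peer who controls both the length byte and the payload can always satisfy; the added `session_id_len > TLS_MAX_SESSION_ID_SIZE` clause is what actually bounds the copy, so it should land together with a regression test that feeds a self-consistent hello carrying a session id longer than TLS_MAX_SESSION_ID_SIZE and asserts the handshake is rejected.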
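To make the difference between the two checks concrete, here is an added example in C that is not part of the post and not GnuTLS code: a minimal model of the ServerHello session id parser, starting at the session_id length byte (the version and random that precede it are not modelled). The constant name follows the quoted patch; all function names are assumptions, and the two sample messages are constructed, not captured traffic. Both checks are kept side by side so the test can show which input the pre-patch bound lets through.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* TLS caps the session id at 32 bytes; the name follows the quoted patch. */
#define TLS_MAX_SESSION_ID_SIZE 32

enum { SID_OK = 0, SID_TRUNCATED = -1, SID_TOO_LONG = -2 };

/* Pre-patch bound (assumed name): only "does the declared length fit in
 * what is left of the message?". A peer controls both the length byte and
 * the bytes that follow, so a length above 32 can always be made to fit. */
int session_id_check_before(size_t remaining, size_t session_id_len)
{
    if (remaining < session_id_len)
        return SID_TRUNCATED;
    return SID_OK;
}

/* Post-patch bound (assumed name): additionally reject any length larger
 * than the fixed-size buffer the session id is copied into. */
int session_id_check_after(size_t remaining, size_t session_id_len)
{
    if (remaining < session_id_len)
        return SID_TRUNCATED;
    if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
        return SID_TOO_LONG;
    return SID_OK;
}

/* Hypothetical parser for the tail of a ServerHello body, beginning at the
 * session_id length byte. The copy into the 32-byte destination happens
 * only after the hardened check has passed. */
int parse_session_id(const uint8_t *p, size_t len,
                     uint8_t out[TLS_MAX_SESSION_ID_SIZE], size_t *out_len)
{
    if (len < 1)
        return SID_TRUNCATED;
    size_t session_id_len = p[0];
    p += 1;
    len -= 1;

    int rc = session_id_check_after(len, session_id_len);
    if (rc != SID_OK)
        return rc;

    memcpy(out, p, session_id_len);
    *out_len = session_id_len;
    return SID_OK;
}

/* Constructed sample: a 32-byte session id, the largest legal size.
 * Returns the parsed length on success or the negative status code. */
int demo_valid_hello_len(void)
{
    uint8_t msg[1 + 32];
    msg[0] = 32;
    for (int i = 0; i < 32; i++)
        msg[1 + i] = (uint8_t)i;

    uint8_t sid[TLS_MAX_SESSION_ID_SIZE];
    size_t n = 0;
    int rc = parse_session_id(msg, sizeof msg, sid, &n);
    return rc == SID_OK ? (int)n : rc;
}

/* Constructed sample: length byte 200 followed by 200 filler bytes, so the
 * message is self-consistent. The old check sees nothing wrong with it. */
int demo_oversized_old_verdict(void)
{
    uint8_t msg[1 + 200];
    msg[0] = 200;
    memset(msg + 1, 0x41, 200);
    return session_id_check_before(sizeof msg - 1, msg[0]);
}

/* Same oversized message through the hardened parser: rejected before any
 * byte is copied into the 32-byte buffer. */
int demo_oversized_new_verdict(void)
{
    uint8_t msg[1 + 200];
    msg[0] = 200;
    memset(msg + 1, 0x41, 200);

    uint8_t sid[TLS_MAX_SESSION_ID_SIZE];
    size_t n = 0;
    return parse_session_id(msg, sizeof msg, sid, &n);
}

int main(void)
{
    int valid_len = demo_valid_hello_len();
    int old_rc = demo_oversized_old_verdict();
    int new_rc = demo_oversized_new_verdict();
    printf("valid hello: parsed session id of %d bytes\n", valid_len);
    printf("oversized hello: old check rc=%d, hardened parser rc=%d\n", old_rc, new_rc);
    return 0;
}
```

The point the model makes is that a remaining-length check is a well-formedness check, not a bounds check: it protects the reader from walking off the end of the received message, but says nothing about the size of the destination the field is copied into. Any fixed-size copy needs the second comparison against the buffer's own limit.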