From d9f1638a89524a780dfd132b18113bdfd6275b2c Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Sun, 29 Sep 2013
Subject: CVE-2011-4128 [GNUTLS-SA-2011-2]

gnutls_session_get_data: fix possible buffer overflow

This is a backport adaptation for use with GnuTLS 2.10.5.

Relevant upstream commits:
--------------------------
https://gitorious.org/gnutls/gnutls/commit/190cef6eed37d0
https://gitorious.org/gnutls/gnutls/commit/e82ef4545e9e98

---
 gnutls_session.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/lib/gnutls_session.c	2013-09-27
+++ b/lib/gnutls_session.c	2013-09-27
@@ -65,13 +65,14 @@ gnutls_session_get_data (gnutls_session_
       gnutls_assert ();
       return ret;
     }
-  *session_data_size = psession.size;
 
   if (psession.size > *session_data_size)
     {
+      *session_data_size = psession.size;
       ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
       goto error;
     }
+  *session_data_size = psession.size;
 
   if (session_data != NULL)
     memcpy (session_data, psession.data, psession.size);