From 04a93ac145041e3ef0121a2688cf7c1b23780519 Mon Sep 17 00:00:00 2001
From: Igor Ustinov
Date: Thu, 8 Jan 2026 14:02:54 +0100
Subject: [PATCH] Check the received uncompressed certificate length to prevent excessive pre-decompression allocation.

The patch was proposed by Tomas Dulka and Stanislav Fort (Aisle Research).

Fixes: CVE-2025-66199
---
 ssl/statem/statem_lib.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 9e0c853c0d..f82d8dcdac 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -2877,6 +2877,12 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc,
         goto err;
     }
 
+    /* Prevent excessive pre-decompression allocation */
+    if (expected_length > sc->max_cert_list) {
+        SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        goto err;
+    }
+
     if (PACKET_remaining(pkt) != comp_length || comp_length == 0) {
         SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_DECOMPRESSION);
         goto err;
-- 
2.51.0
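Review bot: The one-line comment on the new guard should say what is being bounded and by what, because the protection is only as tight as the configured limit: `expected_length` is the peer-supplied uncompressed length carried in the CompressedCertificate message, and `sc->max_cert_list` is application-configurable, so an application that raises it (e.g. via SSL_CTX_set_max_cert_list) also raises the buffer this path will allocate before decompression. I would expand the comment to something like `/* expected_length is the peer-supplied uncompressed size (a 24-bit field, so up to 16 MiB); reject anything above max_cert_list before allocating, since a decompressed Certificate larger than that limit could not be accepted anyway */`. The diffstat shows only statem_lib.c changed, so a regression test that sends a CompressedCertificate whose uncompressed_length exceeds max_cert_list with a small compressed payload and expects an illegal_parameter alert should accompany the fix. The SSL_AD_ILLEGAL_PARAMETER / SSL_R_EXCESSIVE_MESSAGE_SIZE pair presumably mirrors the existing max_cert_list check applied to plain Certificate messages; worth confirming the two agree so clients see the same alert either way. tls13_process_compressed_certificate starts before this hunk and continues after it.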