Commit 947f3156 authored by Kurt Roeckx's avatar Kurt Roeckx
Browse files

Initialize the session_id 



ssl_session_hash() always looks at the first 4 bytes, regardless of the length.
A client can send a session id that's shorter, and the callback could also
generate one that's shorter.  So we make sure that the rest of the buffer is
initliazed to 0 so that we always calculate the same hash.

Found by tis-interpreter, also previously reported as RT #2871

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>

MR: #2911
parent b2e8bd7b

ssl/ssl_sess.c

+2 −0
Original line number Diff line number Diff line
@@ -359,6 +359,7 @@ int ssl_get_new_session(SSL *s, int session) 
        CRYPTO_THREAD_unlock(s->session_ctx->lock);

        CRYPTO_THREAD_unlock(s->lock);

        /* Choose a session ID */

        memset(ss->session_id, 0, ss->session_id_length);

        tmp = ss->session_id_length;

        if (!cb(s, ss->session_id, &tmp)) {

            /* The callback failed */
@@ -471,6 +472,7 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) 
        SSL_SESSION data;

        size_t local_len;

        data.ssl_version = s->version;

        memset(data.session_id, 0, sizeof(data.session_id));

        if (!PACKET_copy_all(session_id, data.session_id,

                             sizeof(data.session_id),

                             &local_len)) {