Commit ec0f1959 authored by Geoff Thorpe's avatar Geoff Thorpe
Browse files

If a callback is generating a new session ID for SSLv2, then upon exiting, 

the ID will be padded out to 16 bytes if the callback attempted to generate
a shorter one. The problem is that the uniqueness checking function used in
callbacks may mistakenly think a 9-byte ID is unique when in fact its
padded 16-byte version is not. This makes the checking function detect
SSLv2 cases, and ensures the padded form is checked rather than the shorter
one passed by the callback.
parent fa2b8db4

ssl/ssl_lib.c

+11 −0
Original line number Diff line number Diff line
@@ -311,6 +311,17 @@ int SSL_CTX_has_matching_session_id(const SSL_CTX *ctx, const unsigned char *id, 
	r.ssl_version = ctx->method->version;

	r.session_id_length = id_len;

	memcpy(r.session_id, id, id_len);

	/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a

	 * callback is calling us to check the uniqueness of a shorter ID, it

	 * must be compared as a padded-out ID because that is what it will be

	 * converted to when the callback has finished choosing it. */

	if((r.ssl_version == SSL2_VERSION) &&

			(id_len < SSL2_SSL_SESSION_ID_LENGTH))

		{

		memset(r.session_id + id_len, 0,

			SSL2_SSL_SESSION_ID_LENGTH - id_len);

		r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;

		}



	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);

	p = (SSL_SESSION *)lh_retrieve(ctx->sessions, &r);