#include <openssl/lhash.h>
#include <openssl/rand.h>
#include "ssl_locl.h"
+#include "cryptlib.h"
static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
ss->session_id_length=0;
}
+ if (s->sid_ctx_length > sizeof ss->sid_ctx)
+ {
+ SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+ SSL_SESSION_free(ss);
+ return 0;
+ }
memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
ss->sid_ctx_length=s->sid_ctx_length;
s->session=ss;
if ((c != NULL) && (c->session_id_length != 0))
{
if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
- if (r != NULL)
+ if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
{
ret=1;
+ r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
SSL_SESSION_list_remove(ctx,c);
}