don't memset(data,0,...) if data is NULL

[openssl.git] / ssl / ssl_sess.c

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 9078d759f5890492bcdfc513a7435bbc9584e10d..ca1a7427be1116e5317a25aaadd46a8abcb6655d 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -60,6 +60,7 @@
 #include <openssl/lhash.h>
 #include <openssl/rand.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
@@ -250,6 +251,12 @@ int ssl_get_new_session(SSL *s, int session)
                ss->session_id_length=0;
                }
 
+       if (s->sid_ctx_length > sizeof ss->sid_ctx)
+               {
+               SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+               SSL_SESSION_free(ss);
+               return 0;
+               }
        memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
        ss->sid_ctx_length=s->sid_ctx_length;
        s->session=ss;
@@ -474,10 +481,10 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
        if ((c != NULL) && (c->session_id_length != 0))
                {
                if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-               r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
-               if (r != NULL)
+               if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
                        {
                        ret=1;
+                       r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
                        SSL_SESSION_list_remove(ctx,c);
                        }