projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cce3e4a) | patch
Fix race condition in NewSessionTicket
authorMatt Caswell <matt@openssl.org>
Mon, 18 May 2015 15:27:48 +0000 (16:27 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 2 Jun 2015 11:44:40 +0000 (12:44 +0100)
commit939b4960276b040fc0ed52232238fcc9e2e9ec21
treecefe73e09d05363aa05e229b9ee40090fda12f93tree | snapshot
parentcce3e4adb78a8d3eeb6e0e4efe332fcc5d75f615commit | diff
Fix race condition in NewSessionTicket

If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.

CVE-2015-1791

This also fixes RT#3808 where a session ID is changed for a session already
in the client session cache. Since the session ID is the key to the cache
this breaks the cache access.

Parts of this patch were inspired by this Akamai change:
https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 27c76b9b8010b536687318739c6f631ce4194688)

Conflicts:
ssl/ssl.h
ssl/ssl_err.c
ssl/s3_clnt.c diff | blob | history
ssl/ssl.h diff | blob | history
ssl/ssl_err.c diff | blob | history
ssl/ssl_locl.h diff | blob | history
ssl/ssl_sess.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.