git.openssl.org Git - openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Mon, 18 May 2015 15:27:48 +0000 (16:27 +0100)
committer	Matt Caswell <matt@openssl.org>
	Tue, 2 Jun 2015 08:30:12 +0000 (09:30 +0100)
commit	98ece4eebfb6cd45cc8d550c6ac0022965071afc
tree	8bc98118fe0539dfdf13bfcfeb36468cdba00ed7	tree \| snapshot
parent	8c2b1d872b25f3ec78e04f5cd2de8f21e853c4a6	commit \| diff

Fix race condition in NewSessionTicket

If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.

CVE-2015-1791

This also fixes RT#3808 where a session ID is changed for a session already
in the client session cache. Since the session ID is the key to the cache
this breaks the cache access.

Parts of this patch were inspired by this Akamai change:
https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3

Reviewed-by: Rich Salz <rsalz@openssl.org>

include/openssl/ssl.h		diff \| blob \| history
ssl/s3_clnt.c		diff \| blob \| history
ssl/ssl_err.c		diff \| blob \| history
ssl/ssl_locl.h		diff \| blob \| history
ssl/ssl_sess.c		diff \| blob \| history