Don't lookup zero length session ID.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 17 Oct 2007 17:31:57 +0000 (17:31 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 17 Oct 2007 17:31:57 +0000 (17:31 +0000)
PR: 1591

ssl/ssl_sess.c

index c408b074e2591d7dbd1186c0de297d47f7a0fd55..2e44a7aebde917bc44320b3c5c6b419f2813cbf6 100644 (file)
@@ -435,10 +435,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                fatal = 1;
                goto err;
                }
-       else if (r == 0)
+       else if (r == 0 || (!ret || !len))
                goto err;
        else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #else
+       if (len == 0)
+               goto err;
        if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #endif
                {
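Review bot: The new condition `r == 0 || (!ret || !len)` jumps to `err` whenever `ret` is NULL, so the following `else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))` branch can never be taken and the internal session-cache lookup becomes unreachable in the TLSEXT build. It also sends a non-NULL `ret` to `err` when `len` is zero; assuming `ret` is the session produced by the ticket-processing call above the hunk, that discards a session that was already recovered. The commit title suggests only the zero-length lookup should be skipped, which would read `else if (r == 0 || (!ret && !len))` and would match the `if (len == 0) goto err;` added in the `#else` branch. ssl_get_prev_session starts and ends outside the hunk, so the call that sets `r` and `ret` is not visible here and should be checked against this reading.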