Initialize the session_id

ssl_session_hash() always looks at the first 4 bytes, regardless of the length.
A client can send a session id that's shorter, and the callback could also
generate one that's shorter.  So we make sure that the rest of the buffer is
initliazed to 0 so that we always calculate the same hash.

Found by tis-interpreter, also previously reported as RT #2871

Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #2911

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 6e53d9b27a9526c736088efc0101daddc5b9326b..41abe44a82bbd328b937c55dd2150468f02668ec 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -359,6 +359,7 @@ int ssl_get_new_session(SSL *s, int session)
         CRYPTO_THREAD_unlock(s->session_ctx->lock);
         CRYPTO_THREAD_unlock(s->lock);
         /* Choose a session ID */
         CRYPTO_THREAD_unlock(s->session_ctx->lock);
         CRYPTO_THREAD_unlock(s->lock);
         /* Choose a session ID */

+        memset(ss->session_id, 0, ss->session_id_length);

         tmp = ss->session_id_length;
         if (!cb(s, ss->session_id, &tmp)) {
             /* The callback failed */
         tmp = ss->session_id_length;
         if (!cb(s, ss->session_id, &tmp)) {
             /* The callback failed */


@@ -471,6 +472,7 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id)
         SSL_SESSION data;
         size_t local_len;
         data.ssl_version = s->version;
         SSL_SESSION data;
         size_t local_len;
         data.ssl_version = s->version;

+        memset(data.session_id, 0, sizeof(data.session_id));

         if (!PACKET_copy_all(session_id, data.session_id,
                              sizeof(data.session_id),
                              &local_len)) {
         if (!PACKET_copy_all(session_id, data.session_id,
                              sizeof(data.session_id),
                              &local_len)) {