From: Bodo Möller <bodo@openssl.org>
Date: Sun, 23 May 1999 10:43:46 +0000 (+0000)
Subject: Avoid memory hole when we don't like the session proposed by the client
X-Git-Tag: OpenSSL_0_9_3beta2~6
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=9a193d88250a38fd4dc5094ec4b501598cd23009;ds=sidebyside

Avoid memory hole when we don't like the session proposed by the client
---

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index cac408c38e..3872b41928 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -188,7 +188,6 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 	/* This is used only by servers. */
 
 	SSL_SESSION *ret=NULL,data;
-	int copy=1;
 
 	/* conn_init();*/
 	data.ssl_version=s->version;
@@ -206,6 +205,8 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 
 	if (ret == NULL)
 		{
+		int copy=1;
+	
 		s->ctx->stats.sess_miss++;
 		ret=NULL;
 		if (s->ctx->get_session_cb != NULL
@@ -217,6 +218,9 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 			/* The following should not return 1, otherwise,
 			 * things are very strange */
 			SSL_CTX_add_session(s->ctx,ret);
+			/* auto free it (decrement reference count now) */
+			if (!copy)
+				SSL_SESSION_free(ret);
 			}
 		if (ret == NULL) return(0);
 		}
@@ -233,10 +237,6 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 	    return 0;
 	    }
 
-	/* auto free it */
-	if (!copy)
-	    SSL_SESSION_free(ret);
-
 	if (ret->cipher == NULL)
 		{
 		unsigned char buf[5],*p;