Security fixes brought forward from 0.9.7.

[openssl.git] / ssl / ssl_lib.c
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index 1ddd3380acb15adace6865967bcaeb2c2f65beb8..f4112678f8336d25ecb5fd064f64c979ba3bc695 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -125,6 +125,7 @@
  #include <openssl/objects.h>
  #include <openssl/lhash.h>
  #include <openssl/x509v3.h>
+#include "cryptlib.h"
  
  const char *SSL_version_str=OPENSSL_VERSION_TEXT;
  
@@ -277,6 +278,7 @@ SSL *SSL_new(SSL_CTX *ctx)
         s->verify_mode=ctx->verify_mode;
         s->verify_depth=ctx->verify_depth;
         s->sid_ctx_length=ctx->sid_ctx_length;
+       OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
         memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
         s->verify_callback=ctx->default_verify_callback;
         s->generate_session_id=ctx->generate_session_id;
@@ -318,7 +320,7 @@ err:
  int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
                                    unsigned int sid_ctx_len)
      {
-    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+    if(sid_ctx_len > sizeof ctx->sid_ctx)
         {
         SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
         return 0;
@@ -368,6 +370,10 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
          * any new session built out of this id/id_len and the ssl_version in
          * use by this SSL. */
         SSL_SESSION r, *p;
+
+       if(id_len > sizeof r.session_id)
+               return 0;
+
         r.ssl_version = ssl->version;
         r.session_id_length = id_len;
         memcpy(r.session_id, id, id_len);
@@ -1803,7 +1809,7 @@ void ssl_update_cache(SSL *s,int mode)
  
         i=s->ctx->session_cache_mode;
         if ((i & mode) && (!s->hit)
-               && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
+               && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
                     || SSL_CTX_add_session(s->ctx,s->session))
                 && (s->ctx->new_session_cb != NULL))
                 {