This corrects the reference count handling in SSL_get_session.

[openssl.git] / ssl / ssl_sess.c

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 97c7f3325199ae3ab9bc7bfa9b62ff80baf04d7b..4dddf627cd62e33eb68f068e53a1539c1257fd2a 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -69,17 +69,26 @@ static STACK *ssl_session_meth=NULL;
 
 SSL_SESSION *SSL_get_session(SSL *ssl)
        {
-       return(ssl->session);
+       SSL_SESSION *sess;
+       /* Need to lock this all up rather than just use CRYPTO_add so that
+        * somebody doesn't free ssl->session between when we check it's
+        * non-null and when we up the reference count. */
+       CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION);
+       sess = ssl->session;
+       if(sess)
+               sess->references++;
+       CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION);
+       return(sess);
        }
 
 int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
             int (*dup_func)(), void (*free_func)())
-        {
-        ssl_session_num++;
-        return(CRYPTO_get_ex_new_index(ssl_session_num-1,
+       {
+       ssl_session_num++;
+       return(CRYPTO_get_ex_new_index(ssl_session_num-1,
                &ssl_session_meth,
-                argl,argp,new_func,dup_func,free_func));
-        }
+               argl,argp,new_func,dup_func,free_func));
+       }
 
 int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
        {