return (0);
}
#ifndef OPENSSL_NO_TLSEXT
- /*-
- * If RFC5077 ticket, use empty session ID (as server).
- * Note that:
- * (a) ssl_get_prev_session() does lookahead into the
- * ClientHello extensions to find the session ticket.
- * When ssl_get_prev_session() fails, s3_srvr.c calls
- * ssl_get_new_session() in ssl3_get_client_hello().
- * At that point, it has not yet parsed the extensions,
- * however, because of the lookahead, it already knows
- * whether a ticket is expected or not.
- *
- * (b) s3_clnt.c calls ssl_get_new_session() before parsing
- * ServerHello extensions, and before recording the session
- * ID received from the server, so this block is a noop.
- */
+ /*-
+ * If RFC5077 ticket, use empty session ID (as server).
+ * Note that:
+ * (a) ssl_get_prev_session() does lookahead into the
+ * ClientHello extensions to find the session ticket.
+ * When ssl_get_prev_session() fails, s3_srvr.c calls
+ * ssl_get_new_session() in ssl3_get_client_hello().
+ * At that point, it has not yet parsed the extensions,
+ * however, because of the lookahead, it already knows
+ * whether a ticket is expected or not.
+ *
+ * (b) s3_clnt.c calls ssl_get_new_session() before parsing
+ * ServerHello extensions, and before recording the session
+ * ID received from the server, so this block is a noop.
+ */
if (s->tlsext_ticket_expected) {
ss->session_id_length = 0;
goto sess_id_done;
int r;
#endif
- if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
+ if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
+ goto err;
+
+ if (session_id + len > limit) {
+ fatal = 1;
goto err;
+ }
if (len == 0)
try_session_cache = 0;
if (try_session_cache &&
ret == NULL &&
- !(s->
- session_ctx->session_cache_mode &
+ !(s->session_ctx->session_cache_mode &
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
SSL_SESSION data;
data.ssl_version = s->version;
* well if and only if we are supposed to.
*/
if (!
- (s->
- session_ctx->session_cache_mode &
+ (s->session_ctx->session_cache_mode &
SSL_SESS_CACHE_NO_INTERNAL_STORE))
/*
* The following should not return 1, otherwise, things are