Fix uninitialized variable.
[openssl.git] / ssl / ssl_sess.c
index 24f2670dfd034765023195b6086fe79d3932e13a..8b9945b475703dd261cb2ed2e20f1ba3df9033c8 100644 (file)
@@ -329,21 +329,21 @@ int ssl_get_new_session(SSL *s, int session)
             return (0);
         }
 #ifndef OPENSSL_NO_TLSEXT
-                /*-
-                 * If RFC5077 ticket, use empty session ID (as server).
-                 * Note that:
-                 * (a) ssl_get_prev_session() does lookahead into the
-                 *     ClientHello extensions to find the session ticket.
-                 *     When ssl_get_prev_session() fails, s3_srvr.c calls
-                 *     ssl_get_new_session() in ssl3_get_client_hello().
-                 *     At that point, it has not yet parsed the extensions,
-                 *     however, because of the lookahead, it already knows
-                 *     whether a ticket is expected or not.
-                 *
-                 * (b) s3_clnt.c calls ssl_get_new_session() before parsing
-                 *     ServerHello extensions, and before recording the session
-                 *     ID received from the server, so this block is a noop.
-                 */
+        /*-
+         * If RFC5077 ticket, use empty session ID (as server).
+         * Note that:
+         * (a) ssl_get_prev_session() does lookahead into the
+         *     ClientHello extensions to find the session ticket.
+         *     When ssl_get_prev_session() fails, s3_srvr.c calls
+         *     ssl_get_new_session() in ssl3_get_client_hello().
+         *     At that point, it has not yet parsed the extensions,
+         *     however, because of the lookahead, it already knows
+         *     whether a ticket is expected or not.
+         *
+         * (b) s3_clnt.c calls ssl_get_new_session() before parsing
+         *     ServerHello extensions, and before recording the session
+         *     ID received from the server, so this block is a noop.
+         */
         if (s->tlsext_ticket_expected) {
             ss->session_id_length = 0;
             goto sess_id_done;
@@ -449,8 +449,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
     int r;
 #endif
 
-    if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
+    if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
+        goto err;
+
+    if (session_id + len > limit) {
+        fatal = 1;
         goto err;
+    }
 
     if (len == 0)
         try_session_cache = 0;
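Review bot: The added bounds check `session_id + len > limit` forms the sum before comparing it, and in C a pointer more than one past the end of the underlying object is undefined behaviour, so a compiler is entitled to assume the test cannot be true. Comparing lengths avoids forming that pointer: `if (len > limit - session_id) {` (this presumes `limit` never precedes `session_id`; the declaration of `limit` is outside the hunk). The preceding range check on `len` keeps any overshoot small, but it does not make the pointer arithmetic defined. A one-line comment saying why only this second check sets `fatal` would also help, since the length check jumps to `err` without it. The body of ssl_get_prev_session starts and ends outside this hunk.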
@@ -476,8 +481,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 
     if (try_session_cache &&
         ret == NULL &&
-        !(s->
-          session_ctx->session_cache_mode &
+        !(s->session_ctx->session_cache_mode &
           SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) {
         SSL_SESSION data;
         data.ssl_version = s->version;
@@ -518,8 +522,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
              * well if and only if we are supposed to.
              */
             if (!
-                (s->
-                 session_ctx->session_cache_mode &
+                (s->session_ctx->session_cache_mode &
                  SSL_SESS_CACHE_NO_INTERNAL_STORE))
                 /*
                  * The following should not return 1, otherwise, things are