Rewrite timeout computation in a way that is less prone to overflow.
authorBodo Möller <bodo@openssl.org>
Fri, 30 Dec 2005 23:51:36 +0000 (23:51 +0000)
committerBodo Möller <bodo@openssl.org>
Fri, 30 Dec 2005 23:51:36 +0000 (23:51 +0000)
(Problem reported by Peter Sylvester.)

ssl/ssl_sess.c

index 5286964..7a4bb92 100644 (file)
@@ -389,7 +389,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
        CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
 #endif
 
-       if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
+       if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
                {
                s->ctx->stats.sess_timeout++;
                /* remove it from the cache */