Make removal from session cache more robust.

diff --git a/CHANGES b/CHANGES
index e17a661e911cf93e5807826382369cfc2c6bc1c3..4db9aadf877e7d52207a126356ffe6127961dd10 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -13,7 +13,13 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
-  +) Do not store session data into the internal session cache, if it
+  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
+     check whether we deal with a copy of a session and do not delete from
+     the cache in this case. Problem reported by "Izhar Shoshani Levi"
+     <izhar@checkpoint.com>.
+     [Lutz Jaenicke]
+
+  *) Do not store session data into the internal session cache, if it
      is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
      flag is set). Proposed by Aslam <aslam@funk.com>.
      [Lutz Jaenicke]

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 9078d759f5890492bcdfc513a7435bbc9584e10d..6424f775e21f785c1222e27fc57e04acebe4b4fa 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -474,10 +474,10 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
        if ((c != NULL) && (c->session_id_length != 0))
                {
                if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-               r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
-               if (r != NULL)
+               if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
                        {
                        ret=1;
+                       r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
                        SSL_SESSION_list_remove(ctx,c);
                        }