Fix race condition in NewSessionTicket

If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3 Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-05-18 16:27:48 +0100
committer: Matt Caswell <matt@openssl.org> 2015-06-02 09:30:12 +0100
commit: 98ece4eebfb6cd45cc8d550c6ac0022965071afc (patch)
tree: 8bc98118fe0539dfdf13bfcfeb36468cdba00ed7 /include
parent: 8c2b1d872b25f3ec78e04f5cd2de8f21e853c4a6 (diff)
download: openssl-98ece4eebfb6cd45cc8d550c6ac0022965071afc.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 3e2dac6746..4e18b65605 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2048,6 +2048,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_F_SSL_READ                                   223
 # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT                320
 # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT                321
+# define SSL_F_SSL_SESSION_DUP                            348
 # define SSL_F_SSL_SESSION_NEW                            189
 # define SSL_F_SSL_SESSION_PRINT_FP                       190
 # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT                312
author	Matt Caswell <matt@openssl.org>	2015-05-18 16:27:48 +0100
committer	Matt Caswell <matt@openssl.org>	2015-06-02 09:30:12 +0100
commit	98ece4eebfb6cd45cc8d550c6ac0022965071afc (patch)
tree	8bc98118fe0539dfdf13bfcfeb36468cdba00ed7 /include
parent	8c2b1d872b25f3ec78e04f5cd2de8f21e853c4a6 (diff)
download	openssl-98ece4eebfb6cd45cc8d550c6ac0022965071afc.tar.gz