authorBen Laurie <ben@openssl.org>1999-03-22 12:22:14 +0000
committerBen Laurie <ben@openssl.org>1999-03-22 12:22:14 +0000
commitb4cadc6e1343c01b06613053a90ed2ee85e65090 (patch)
tree5670424b0d897cd7f8161e321f0f514131265159 /ssl/s3_clnt.c
parent0f423567a72b68b617ad5554e51095f1017a9d7b (diff)
downloadopenssl-b4cadc6e1343c01b06613053a90ed2ee85e65090.tar.gz
Fix security hole.
Diffstat (limited to 'ssl/s3_clnt.c')
-rw-r--r--ssl/s3_clnt.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index cb63a9f7ce..5cc0ff446d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -605,9 +605,18 @@ SSL *s;
goto f_err;
}
}
- if ((j != 0) && (j == s->session->session_id_length) &&
- (memcmp(p,s->session->session_id,j) == 0))
- s->hit=1;
+ if (j != 0 && j == s->session->session_id_length
+ && memcmp(p,s->session->session_id,j) == 0)
+ {
+ if(s->sid_ctx_length != s->session->sid_ctx_length
+ || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
+ {
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ goto f_err;
+ }
+ s->hit=1;
+ }
else /* a miss or crap from the other end */
{
/* If we were trying for session-id reuse, make a new
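Review bot: The inner `if` of the new block tests the memcmp() result bare while the outer condition two lines above spells out `== 0`; writing `|| memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length) != 0` keeps both conditions readable the same way, and `if(` should be `if (` to match the spacing used elsewhere in the hunk. The ordering of the check itself is safe as written: the length comparison short-circuits before memcmp() reads `s->sid_ctx_length` bytes from both buffers, so the two buffers are only compared when their lengths agree. A one-line comment above the inner `if` would record why a session id that matches is still rejected, e.g. `/* A resumed session must carry the same sid_ctx it was created under; reject reuse across contexts */`. The enclosing function (presumably ssl3_get_server_hello, judging by the SSLerr function code) starts and ends outside the hunk.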