diff options
author | Ben Laurie <ben@openssl.org> | 1999-03-22 12:22:14 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 1999-03-22 12:22:14 +0000 |
commit | b4cadc6e1343c01b06613053a90ed2ee85e65090 (patch) | |
tree | 5670424b0d897cd7f8161e321f0f514131265159 /ssl/ssl_sess.c | |
parent | 0f423567a72b68b617ad5554e51095f1017a9d7b (diff) | |
download | openssl-b4cadc6e1343c01b06613053a90ed2ee85e65090.tar.gz |
Fix security hole.
Diffstat (limited to 'ssl/ssl_sess.c')
-rw-r--r-- | ssl/ssl_sess.c | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 2403b066cb..d731634c70 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -190,6 +190,8 @@ int session; ss->session_id_length=0; } + memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); + ss->sid_ctx_length=s->sid_ctx_length; s->session=ss; ss->ssl_version=s->version; @@ -202,13 +204,14 @@ unsigned char *session_id; int len; { SSL_SESSION *ret=NULL,data; + int copy=1; /* conn_init();*/ data.ssl_version=s->version; data.session_id_length=len; if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) return(0); - memcpy(data.session_id,session_id,len);; + memcpy(data.session_id,session_id,len); if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) { @@ -219,26 +222,33 @@ int len; if (ret == NULL) { - int copy=1; - s->ctx->stats.sess_miss++; ret=NULL; - if ((s->ctx->get_session_cb != NULL) && - ((ret=s->ctx->get_session_cb(s,session_id,len,©)) - != NULL)) + if (s->ctx->get_session_cb != NULL + && (ret=s->ctx->get_session_cb(s,session_id,len,©)) + != NULL) { s->ctx->stats.sess_cb_hit++; /* The following should not return 1, otherwise, * things are very strange */ SSL_CTX_add_session(s->ctx,ret); - /* auto free it */ - if (!copy) - SSL_SESSION_free(ret); } if (ret == NULL) return(0); } + if((s->verify_mode&SSL_VERIFY_PEER) + && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length + || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))) + { + SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + return 0; + } + + /* auto free it */ + if (!copy) + SSL_SESSION_free(ret); + if (ret->cipher == NULL) { char buf[5],*p; |