From b4cadc6e1343c01b06613053a90ed2ee85e65090 Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Mon, 22 Mar 1999 12:22:14 +0000
Subject: Fix security hole.

---
 ssl/s3_clnt.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'ssl/s3_clnt.c')

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index cb63a9f7ce..5cc0ff446d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -605,9 +605,18 @@ SSL *s;
 			goto f_err;
 			}
 		}
-	if ((j != 0) && (j == s->session->session_id_length) &&
-		(memcmp(p,s->session->session_id,j) == 0))
-		s->hit=1;
+	if (j != 0 && j == s->session->session_id_length
+	    && memcmp(p,s->session->session_id,j) == 0)
+	    {
+	    if(s->sid_ctx_length != s->session->sid_ctx_length
+	       || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
+		{
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+		goto f_err;
+		}
+	    s->hit=1;
+	    }
 	else	/* a miss or crap from the other end */
 		{
 		/* If we were trying for session-id reuse, make a new
-- 
cgit v1.2.3