From ec0f19597ee5358dd9f455db997f86f47008802c Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 21 Feb 2001 21:38:32 +0000 Subject: [PATCH] If a callback is generating a new session ID for SSLv2, then upon exiting, the ID will be padded out to 16 bytes if the callback attempted to generate a shorter one. The problem is that the uniqueness checking function used in callbacks may mistakenly think a 9-byte ID is unique when in fact its padded 16-byte version is not. This makes the checking function detect SSLv2 cases, and ensures the padded form is checked rather than the shorter one passed by the callback. --- ssl/ssl_lib.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 7864f2f7b0..0e372f5843 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -311,6 +311,17 @@ int SSL_CTX_has_matching_session_id(const SSL_CTX *ctx, const unsigned char *id, r.ssl_version = ctx->method->version; r.session_id_length = id_len; memcpy(r.session_id, id, id_len); + /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a + * callback is calling us to check the uniqueness of a shorter ID, it + * must be compared as a padded-out ID because that is what it will be + * converted to when the callback has finished choosing it. */ + if((r.ssl_version == SSL2_VERSION) && + (id_len < SSL2_SSL_SESSION_ID_LENGTH)) + { + memset(r.session_id + id_len, 0, + SSL2_SSL_SESSION_ID_LENGTH - id_len); + r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; + } CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); p = (SSL_SESSION *)lh_retrieve(ctx->sessions, &r); -- GitLab