提交 3d3bf9c7 编写于 作者: D Dr. Stephen Henson

Don't lookup zero length session ID.

PR: 1591
上级 4017e870
......@@ -435,10 +435,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
fatal = 1;
goto err;
}
else if (r == 0)
else if (r == 0 || (!ret || !len))
goto err;
else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
#else
if (len == 0)
goto err;
if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
#endif
{
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册