Initialize the session_id

ssl_session_hash() always looks at the first 4 bytes, regardless of the length. A client can send a session id that's shorter, and the callback could also generate one that's shorter. So we make sure that the rest of the buffer is initliazed to 0 so that we always calculate the same hash. Found by tis-interpreter, also previously reported as RT #2871 Reviewed-by: N Rich Salz <rsalz@openssl.org> MR: #2911

Initialize the session_id
ssl_session_hash() always looks at the first 4 bytes, regardless of the length. A client can send a session id that's shorter, and the callback could also generate one that's shorter. So we make sure that the rest of the buffer is initliazed to 0 so that we always calculate the same hash. Found by tis-interpreter, also previously reported as RT #2871 Reviewed-by: N Rich Salz <rsalz@openssl.org> MR: #2911
947f3156 · Kurt Roeckx · b2e8bd7b · 947f3156
隐藏空白更改
内联并排

Showing with 2 addition and 0 deletion

ssl/ssl_sess.c ssl/ssl_sess.c +2 -0

未找到文件。
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -359,6 +359,7 @@ int ssl_get_new_session(SSL *s, int session)
        CRYPTO_THREAD_unlock(s->session_ctx->lock);
        CRYPTO_THREAD_unlock(s->lock);
        /* Choose a session ID */
+        memset(ss->session_id, 0, ss->session_id_length);
        tmp = ss->session_id_length;
        if (!cb(s, ss->session_id, &tmp)) {
            /* The callback failed */
@@ -471,6 +472,7 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id)
        SSL_SESSION data;
        size_t local_len;
        data.ssl_version = s->version;
+        memset(data.session_id, 0, sizeof(data.session_id));
        if (!PACKET_copy_all(session_id, data.session_id,
                             sizeof(data.session_id),
                             &local_len)) {