From 947f3156ecedbc62e21da3569fc291166b3bc086 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sun, 5 Jun 2016 23:34:57 +0200 Subject: [PATCH] Initialize the session_id ssl_session_hash() always looks at the first 4 bytes, regardless of the length. A client can send a session id that's shorter, and the callback could also generate one that's shorter. So we make sure that the rest of the buffer is initliazed to 0 so that we always calculate the same hash. Found by tis-interpreter, also previously reported as RT #2871 Reviewed-by: Rich Salz MR: #2911 --- ssl/ssl_sess.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 6e53d9b27a..41abe44a82 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -359,6 +359,7 @@ int ssl_get_new_session(SSL *s, int session) CRYPTO_THREAD_unlock(s->session_ctx->lock); CRYPTO_THREAD_unlock(s->lock); /* Choose a session ID */ + memset(ss->session_id, 0, ss->session_id_length); tmp = ss->session_id_length; if (!cb(s, ss->session_id, &tmp)) { /* The callback failed */ @@ -471,6 +472,7 @@ int ssl_get_prev_session(SSL *s, const PACKET *ext, const PACKET *session_id) SSL_SESSION data; size_t local_len; data.ssl_version = s->version; + memset(data.session_id, 0, sizeof(data.session_id)); if (!PACKET_copy_all(session_id, data.session_id, sizeof(data.session_id), &local_len)) { -- GitLab