Fix Kerberos issue in ssl_session_dup

The fix for CVE-2015-1791 introduced an error in ssl_session_dup for Kerberos. Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit dcad51bc13c9b716d9a66248bcc4038c071ff158)
2015-06-10 09:32:34 +01:00 · 2015-06-10 09:32:34 +01:00 · 106a9a5d7e
commit 106a9a5d7e
parent cb972a4fe7
1 changed files with 1 additions and 1 deletions
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@ -242,7 +242,7 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
    memcpy(dest, src, sizeof(*dest));

 #ifndef OPENSSL_NO_KRB5
-    dest->krb5_client_princ_len = dest->krb5_client_princ_len;
+    dest->krb5_client_princ_len = src->krb5_client_princ_len;
    if (src->krb5_client_princ_len > 0)
        memcpy(dest->krb5_client_princ, src->krb5_client_princ,
               src->krb5_client_princ_len);