Don't try to lookup zero length session.

2007-10-17 17:30:15 +00:00
parent 7c717aafc6
commit 33ffe2a7f7
1 changed files with 3 additions and 1 deletions
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -320,10 +320,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 		fatal = 1;
 		goto err;
 		}
-	else if (r == 0)
+	else if (r == 0 || (!ret && !len))
 		goto err;
 	else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #else
+	if (len == 0)
+		goto err;
 	if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #endif
 		{