generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Avoid memory hole when we don't like the session proposed by the client

Browse Source
This commit is contained in:
Bodo Möller 1999-05-23 10:43:46 +00:00
parent 0dc42a1e74
commit 9a193d8825
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ssl/ssl_sess.c
View File

@ -188,7 +188,6 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
/* This is used only by servers. */
SSL_SESSION *ret=NULL,data;
int copy=1;
/* conn_init();*/
data.ssl_version=s->version;
@ -206,6 +205,8 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
if (ret == NULL)
{
int copy=1;
s->ctx->stats.sess_miss++;
ret=NULL;
if (s->ctx->get_session_cb != NULL
@ -217,6 +218,9 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
/* The following should not return 1, otherwise,
* things are very strange */
SSL_CTX_add_session(s->ctx,ret);
/* auto free it (decrement reference count now) */
if (!copy)
SSL_SESSION_free(ret);
}
if (ret == NULL) return(0);
}
@ -233,10 +237,6 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
return 0;
}
/* auto free it */
if (!copy)
SSL_SESSION_free(ret);
if (ret->cipher == NULL)
{
unsigned char buf[5],*p;