If a callback is generating a new session ID for SSLv2, then upon exiting,
the ID will be padded out to 16 bytes if the callback attempted to generate a shorter one. The problem is that the uniqueness checking function used in callbacks may mistakenly think a 9-byte ID is unique when in fact its padded 16-byte version is not. This makes the checking function detect SSLv2 cases, and ensures the padded form is checked rather than the shorter one passed by the callback.
This commit is contained in:
Geoff Thorpe
parent
fa2b8db499
commit
ec0f19597e
@ -311,6 +311,17 @@ int SSL_CTX_has_matching_session_id(const SSL_CTX *ctx, const unsigned char *id,
|
||||
r.ssl_version = ctx->method->version;
|
||||
r.session_id_length = id_len;
|
||||
memcpy(r.session_id, id, id_len);
|
||||
/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
|
||||
* callback is calling us to check the uniqueness of a shorter ID, it
|
||||
* must be compared as a padded-out ID because that is what it will be
|
||||
* converted to when the callback has finished choosing it. */
|
||||
if((r.ssl_version == SSL2_VERSION) &&
|
||||
(id_len < SSL2_SSL_SESSION_ID_LENGTH))
|
||||
{
|
||||
memset(r.session_id + id_len, 0,
|
||||
SSL2_SSL_SESSION_ID_LENGTH - id_len);
|
||||
r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
|
||||
}
|
||||
|
||||
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
|
||||
p = (SSL_SESSION *)lh_retrieve(ctx->sessions, &r);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user