Don't try to lookup zero length session.

author Dr. Stephen Henson <steve@openssl.org>

Wed, 17 Oct 2007 17:30:15 +0000 (17:30 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 17 Oct 2007 17:30:15 +0000 (17:30 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 17 Oct 2007 17:30:15 +0000 (17:30 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 17 Oct 2007 17:30:15 +0000 (17:30 +0000)
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c

index d30a24f2fe0caf8eabbb898416054584a90b5221..ee88be2b88ac98df1466b129f4299f2457e884f3 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -320,10 +320,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                 fatal = 1;
                 goto err;
                 }
-       else if (r == 0)
+       else if (r == 0 || (!ret && !len))
                 goto err;
         else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
  #else
+       if (len == 0)
+               goto err;
         if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
  #endif
                 {
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 17 Oct 2007 17:30:15 +0000 (17:30 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 17 Oct 2007 17:30:15 +0000 (17:30 +0000)