Prepare OpenSSL 0.9.8g: cherry pick

  http://cvs.openssl.org/chngview?cn=16691
Don't try to lookup zero length session.
PR: 1591
Submitted by: steve

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index d30a24f2fe0caf8eabbb898416054584a90b5221..ee88be2b88ac98df1466b129f4299f2457e884f3 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -320,10 +320,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                fatal = 1;
                goto err;
                }
-       else if (r == 0)
+       else if (r == 0 || (!ret && !len))
                goto err;
        else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #else
+       if (len == 0)
+               goto err;
        if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #endif
                {