From: Bodo Möller Date: Fri, 20 Sep 2002 08:37:13 +0000 (+0000) Subject: there is no minimum length for session IDs X-Git-Tag: OpenSSL_0_9_7-beta4~169 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f7eb95852c65f485aa59486718fa5d01cf510f33;p=oweals%2Fopenssl.git there is no minimum length for session IDs PR: 274 fix race condition PR: 262 --- diff --git a/CHANGES b/CHANGES index 03b697cd7e..e3fc49c0d2 100644 --- a/CHANGES +++ b/CHANGES @@ -1675,6 +1675,13 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k Changes between 0.9.6g and 0.9.6h [xx XXX xxxx] + *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c + (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes). + [Bodo Moeller] + + *) Fix race condition in SSLv3_client_method(). + [Bodo Moeller] + *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after the cached sessions are flushed, as the remove_cb() might use ex_data contents. Bug found by Sam Varshavchik diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 2b58482484..4e6c946ec2 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -146,11 +146,11 @@ SSL_METHOD *SSLv3_client_method(void) if (init) { - init=0; memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(), sizeof(SSL_METHOD)); SSLv3_client_data.ssl_connect=ssl3_connect; SSLv3_client_data.get_ssl_method=ssl3_get_client_method; + init=0; } return(&SSLv3_client_data); } @@ -632,23 +632,11 @@ static int ssl3_get_server_hello(SSL *s) /* get the session-id */ j= *(p++); - if(j > sizeof s->session->session_id) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, - SSL_R_SSL3_SESSION_ID_TOO_LONG); - goto f_err; - } - - if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) + if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) { - /* SSLref returns 16 :-( */ - if (j < SSL2_SSL_SESSION_ID_LENGTH) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); - goto f_err; - } + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG); + goto f_err; } if (j != 0 && j == s->session->session_id_length && memcmp(p,s->session->session_id,j) == 0) @@ -656,6 +644,7 @@ static int ssl3_get_server_hello(SSL *s) if(s->sid_ctx_length != s->session->sid_ctx_length || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) { + /* actually a client application bug */ al=SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err;