From 8c447031adff74d8a910231fc06396bbbb331685 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Lutz=20J=C3=A4nicke?= <jaenicke@openssl.org>
Date: Fri, 19 Oct 2007 07:36:34 +0000
Subject: [PATCH] Prepare OpenSSL 0.9.8g: cherry pick  
 http://cvs.openssl.org/chngview?cn=16691 Don't try to lookup zero length
 session. PR: 1591 Submitted by: steve

---
 ssl/ssl_sess.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index d30a24f2fe..ee88be2b88 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -320,10 +320,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 		fatal = 1;
  		goto err;
 		}
-	else if (r == 0)
+	else if (r == 0 || (!ret && !len))
 		goto err;
 	else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #else
+	if (len == 0)
+		goto err;
 	if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #endif
 		{
-- 
2.25.1