public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix undefined behaviour in the event of a zero length session id

Browse source 
Don't attempt to memcpy a NULL pointer if the length is 0.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24309)

(cherry picked from commit 97c6489b39)
This commit is contained in:
Matt Caswell 2024-05-01 11:23:57 +01:00 committed by Tomas Mraz
parent 5cd8608250
commit 287165f1b7
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
ssl/ssl_sess.c
View file

@ -907,8 +907,9 @@ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
return 0;
}
s->session_id_length = sid_len;
if (sid != s->session_id)
if (sid != s->session_id && sid_len > 0)
memcpy(s->session_id, sid, sid_len);
return 1;
}