mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-30 14:01:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add some more consistency checks in tls_decrypt_ticket.

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2704)
This commit is contained in:
Bernd Edlinger 2017-02-22 11:59:44 +01:00 committed by Rich Salz
parent e4a3d0f968
commit 79020b27be
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/t1_lib.c
View File

@ -1315,6 +1315,11 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick,
sess = d2i_SSL_SESSION(NULL, &p, slen);
OPENSSL_free(sdec);
if (sess) {
/* Some additional consistency checks */
if (p != sdec + slen || sess->session_id_length != 0) {
SSL_SESSION_free(sess);
return 2;
}
/*
* The session ID, if non-empty, is used by some clients to detect
* that the ticket has been accepted. So we copy it to the session