Fix undefined behaviour in the event of a zero length session id

Don't attempt to memcpy a NULL pointer if the length is 0. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24309) (cherry picked from commit 97c6489b39c966c6e5169b9b92ec5fa9a35c7ba3)
author: Matt Caswell <matt@openssl.org> 2024-05-01 11:23:57 +0100
committer: Tomas Mraz <tomas@openssl.org> 2024-05-06 10:45:19 +0200
commit: 287165f1b7ce0193378b9365e675edd69fc289c4 (patch)
tree: 1451da04e1edac3da46bee2a892ee451c3864d84
parent: 5cd860825061dc8cb7ef666ea7ec8c51999a5553 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index eaa9595f8c..3857e027ee 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -907,8 +907,9 @@ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
       return 0;
     }
     s->session_id_length = sid_len;
-    if (sid != s->session_id)
+    if (sid != s->session_id && sid_len > 0)
         memcpy(s->session_id, sid, sid_len);
+
     return 1;
 }
author	Matt Caswell <matt@openssl.org>	2024-05-01 11:23:57 +0100
committer	Tomas Mraz <tomas@openssl.org>	2024-05-06 10:45:19 +0200
commit	287165f1b7ce0193378b9365e675edd69fc289c4 (patch)
tree	1451da04e1edac3da46bee2a892ee451c3864d84
parent	5cd860825061dc8cb7ef666ea7ec8c51999a5553 (diff)