diff options
author | Matt Caswell <matt@openssl.org> | 2024-05-01 11:23:57 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-05-06 10:45:19 +0200 |
commit | 287165f1b7ce0193378b9365e675edd69fc289c4 (patch) | |
tree | 1451da04e1edac3da46bee2a892ee451c3864d84 | |
parent | 5cd860825061dc8cb7ef666ea7ec8c51999a5553 (diff) |
Fix undefined behaviour in the event of a zero length session id
Don't attempt to memcpy a NULL pointer if the length is 0.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24309)
(cherry picked from commit 97c6489b39c966c6e5169b9b92ec5fa9a35c7ba3)
-rw-r--r-- | ssl/ssl_sess.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index eaa9595f8c..3857e027ee 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -907,8 +907,9 @@ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, return 0; } s->session_id_length = sid_len; - if (sid != s->session_id) + if (sid != s->session_id && sid_len > 0) memcpy(s->session_id, sid, sid_len); + return 1; } |