Don't lookup zero length session ID.

PR: 1591
author: Dr. Stephen Henson <steve@openssl.org> 2007-10-17 17:31:57 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2007-10-17 17:31:57 +0000
commit: 3d3bf9c73029cdc8101bece5a9e15325920ad3a2 (patch)
tree: c5c88f9d8f90da40c6f2e46a99a635eb66a565f3 /ssl/ssl_sess.c
parent: 4017e8706ce8307e38c2adb1dca017fe7df02ee3 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index c408b074e2..2e44a7aebd 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -435,10 +435,12 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 		fatal = 1;
 		goto err;
 		}
-	else if (r == 0)
+	else if (r == 0 || (!ret || !len))
 		goto err;
 	else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #else
+	if (len == 0)
+		goto err;
 	if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #endif
 		{
author	Dr. Stephen Henson <steve@openssl.org>	2007-10-17 17:31:57 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2007-10-17 17:31:57 +0000
commit	3d3bf9c73029cdc8101bece5a9e15325920ad3a2 (patch)
tree	c5c88f9d8f90da40c6f2e46a99a635eb66a565f3 /ssl/ssl_sess.c
parent	4017e8706ce8307e38c2adb1dca017fe7df02ee3 (diff)