2 files changed, 9 insertions, 3 deletions

diff --git a/CHANGES b/CHANGES
index e17a661e91..4db9aadf87 100644
--- a/CHANGES
+++ b/CHANGES
@@ -13,7 +13,13 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
-  +) Do not store session data into the internal session cache, if it
+  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
+     check whether we deal with a copy of a session and do not delete from
+     the cache in this case. Problem reported by "Izhar Shoshani Levi"
+     <izhar@checkpoint.com>.
+     [Lutz Jaenicke]
+
+  *) Do not store session data into the internal session cache, if it
      is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
      flag is set). Proposed by Aslam <aslam@funk.com>.
      [Lutz Jaenicke]
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 9078d759f5..6424f775e2 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -474,10 +474,10 @@ static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
 	if ((c != NULL) && (c->session_id_length != 0))
 		{
 		if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-		r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
-		if (r != NULL)
+		if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
 			{
 			ret=1;
+			r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
 			SSL_SESSION_list_remove(ctx,c);
 			}