diff options
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r-- | ssl/ssl_lib.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 851155e04e..f4112678f8 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -125,6 +125,7 @@ #include <openssl/objects.h> #include <openssl/lhash.h> #include <openssl/x509v3.h> +#include "cryptlib.h" const char *SSL_version_str=OPENSSL_VERSION_TEXT; @@ -277,6 +278,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->verify_mode=ctx->verify_mode; s->verify_depth=ctx->verify_depth; s->sid_ctx_length=ctx->sid_ctx_length; + OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); s->verify_callback=ctx->default_verify_callback; s->generate_session_id=ctx->generate_session_id; @@ -318,7 +320,7 @@ err: int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, unsigned int sid_ctx_len) { - if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) + if(sid_ctx_len > sizeof ctx->sid_ctx) { SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); return 0; @@ -368,6 +370,10 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, * any new session built out of this id/id_len and the ssl_version in * use by this SSL. */ SSL_SESSION r, *p; + + if(id_len > sizeof r.session_id) + return 0; + r.ssl_version = ssl->version; r.session_id_length = id_len; memcpy(r.session_id, id, id_len); |