diff options
| author | tb <> | 2020-09-01 19:17:36 +0000 |
|---|---|---|
| committer | tb <> | 2020-09-01 19:17:36 +0000 |
| commit | 3333f6a5ada40ee7c61d25e9e148d2fb738ad4de (patch) | |
| tree | e260348b0b8a124d19675ded616ca3e0d21e593d | |
| parent | d5f3a9753f359d5bbcbb51693103784c79f5f40e (diff) | |
| download | openbsd-3333f6a5ada40ee7c61d25e9e148d2fb738ad4de.tar.gz openbsd-3333f6a5ada40ee7c61d25e9e148d2fb738ad4de.tar.bz2 openbsd-3333f6a5ada40ee7c61d25e9e148d2fb738ad4de.zip | |
Zero out data to avoid leaving stack garbage in the tail of
the session id in case the copied session id is shorter than
SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
| -rw-r--r-- | src/lib/libssl/ssl_sess.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index d46c85411b..3f1b987a7c 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sess.c,v 1.95 2020/09/01 17:45:17 tb Exp $ */ | 1 | /* $OpenBSD: ssl_sess.c,v 1.96 2020/09/01 19:17:36 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -423,6 +423,8 @@ ssl_session_from_cache(SSL *s, CBS *session_id) | |||
| 423 | SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) | 423 | SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) |
| 424 | return NULL; | 424 | return NULL; |
| 425 | 425 | ||
| 426 | memset(&data, 0, sizeof(data)); | ||
| 427 | |||
| 426 | data.ssl_version = s->version; | 428 | data.ssl_version = s->version; |
| 427 | data.session_id_length = CBS_len(session_id); | 429 | data.session_id_length = CBS_len(session_id); |
| 428 | memcpy(data.session_id, CBS_data(session_id), CBS_len(session_id)); | 430 | memcpy(data.session_id, CBS_data(session_id), CBS_len(session_id)); |