From 3333f6a5ada40ee7c61d25e9e148d2fb738ad4de Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 1 Sep 2020 19:17:36 +0000
Subject: Zero out data to avoid leaving stack garbage in the tail of the session id in case the copied session id is shorter than SSL_MAX_SESSION_ID_LENGTH. long standing bug pointed out by jsing
---
 src/lib/libssl/ssl_sess.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index d46c85411b..3f1b987a7c 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.95 2020/09/01 17:45:17 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.96 2020/09/01 19:17:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -423,6 +423,8 @@ ssl_session_from_cache(SSL *s, CBS *session_id)
 SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 return NULL;

+ memset(&data, 0, sizeof(data));
+
 data.ssl_version = s->version;
 data.session_id_length = CBS_len(session_id);
 memcpy(data.session_id, CBS_data(session_id), CBS_len(session_id));
--
cgit v1.2.3-55-g6feb
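Review bot: The `memcpy` into `data.session_id` just below the new `memset` copies `CBS_len(session_id)` bytes with no length check visible in this hunk, so the zeroing only helps if that length is already bounded by `SSL_MAX_SESSION_ID_LENGTH` earlier in the function or in its caller. ssl_session_from_cache starts and ends outside the hunk, so the bound may well exist; if it does not, reject oversized ids before the copy with `if (CBS_len(session_id) > sizeof(data.session_id)) return NULL;`. A short comment on the memset, for example `/* Clear data so the unused tail of session_id is not stack garbage. */`, would keep the reason next to the code instead of only in the commit message.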