authorGiovanni Bechis <gbechis@apache.org>2023-04-04 21:34:57 +0000
committerGiovanni Bechis <gbechis@apache.org>2023-04-04 21:34:57 +0000
commitfae4895b8dbcedfde2933e86859e38d0c94324f0 (patch)
treea6ec8a6f52b7bfe06af78cf14539eba4fcbd4d35 /modules
parent132d4ee48f1c1ee786d13b61017e8e549a70d2de (diff)
add SSL_CTX_set_session_id_context(3) checks
bz #66226 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908971 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules')
-rw-r--r--modules/ssl/ssl_engine_kernel.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 96aaf6602d..a416ce3f0f 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -988,9 +988,17 @@ static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirCo
"protocol (%s support secure renegotiation)",
reneg_support);
- SSL_set_session_id_context(ssl,
+ if(!SSL_set_session_id_context(ssl,
(unsigned char *)&id,
- sizeof(id));
+ sizeof(id))) {
+
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10422)
+ "error setting SSL session context");
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
+
+ r->connection->keepalive = AP_CONN_CLOSE;
+ return HTTP_FORBIDDEN;
+ }
/* Toggle the renegotiation state to allow the new
* handshake to proceed. */
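Review bot: The new failure branch carries no comment saying when `SSL_set_session_id_context()` can fail or why the request is refused. Its `if(` spelling and the blank line after `{` also differ from the `if (` form visible in the second hunk's context (`if (SSL_num_renegotiations(ssl) == 0) {`). Per the OpenSSL documentation the call returns 0 only when the supplied length exceeds `SSL_MAX_SID_CTX_LENGTH`, so a comment above the check such as `/* Fails only if sizeof(id) > SSL_MAX_SID_CTX_LENGTH; refuse the request rather than continue the renegotiation with an unchanged session id context. */` would mark this as a deliberate fail-closed guard. The declaration of `id` and the rest of ssl_hook_Access_classic lie outside the hunk, so the actual size passed cannot be confirmed from here.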
@@ -2576,7 +2584,9 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
* a renegotiation.
*/
if (SSL_num_renegotiations(ssl) == 0) {
- SSL_set_session_id_context(ssl, sc->vhost_md5, APR_MD5_DIGESTSIZE*2);
+ if(!SSL_set_session_id_context(ssl, sc->vhost_md5, APR_MD5_DIGESTSIZE*2)) {
+ return 0;
+ }
}
/*
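Review bot: The failure path added here returns 0 without logging anything, whereas the first hunk logs through `ap_log_rerror` and `ssl_log_ssl_error` before refusing the request. A return of 0 from ssl_find_vhost presumably reads to its caller as "this vhost did not match", so a failed call may be indistinguishable from a non-match and the handshake may carry on with whatever state was set earlier. The caller and the start of the function are outside the hunk, so this needs confirming. At minimum, log before returning, e.g. `ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, "error setting SSL session context");` followed by `ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);`, with a newly allocated APLOGNO tag. Also add a comment stating whether treating the failure as "no match" is intended.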