delta/openssl-new.git - github.com: openssl/openssl.git

diff options

author	Matt Caswell <matt@openssl.org>	2015-05-18 16:27:48 +0100
committer	Matt Caswell <matt@openssl.org>	2015-06-02 12:49:03 +0100
commit	0ae3473e8578b547100389bd029873af0cd9a22e (patch)
tree	a16d92f2640dbb5f5cea4069f60ff3c14ac7200e /ssl/s23_lib.c
parent	98377858d14e6582c6dbca4a8bee8c9972ec0a7c (diff)
download	openssl-new-0ae3473e8578b547100389bd029873af0cd9a22e.tar.gz

Fix race condition in NewSessionTicket

If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. CVE-2015-1791 This also fixes RT#3808 where a session ID is changed for a session already in the client session cache. Since the session ID is the key to the cache this breaks the cache access. Parts of this patch were inspired by this Akamai change: https://github.com/akamai/openssl/commit/c0bf69a791239ceec64509f9f19fcafb2461b0d3 Reviewed-by: Rich Salz <rsalz@openssl.org> (cherry picked from commit 27c76b9b8010b536687318739c6f631ce4194688) Conflicts: ssl/ssl.h ssl/ssl_err.c

Diffstat (limited to 'ssl/s23_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: