commit b4cadc6e1343c01b06613053a90ed2ee85e65090
author Ben Laurie <ben@openssl.org> Mon Mar 22 12:22:14 1999 +0000
committer Ben Laurie <ben@openssl.org> Mon Mar 22 12:22:14 1999 +0000
tree 5670424b0d897cd7f8161e321f0f514131265159
parent 0f423567a72b68b617ad5554e51095f1017a9d7b

Fix security hole.

ssl/s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index cb63a9f..5cc0ff4 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -605,9 +605,18 @@
 			goto f_err;
 			}
 		}
-	if ((j != 0) && (j == s->session->session_id_length) &&
-		(memcmp(p,s->session->session_id,j) == 0))
-		s->hit=1;
+	if (j != 0 && j == s->session->session_id_length
+	    && memcmp(p,s->session->session_id,j) == 0)
+	    {
+	    if(s->sid_ctx_length != s->session->sid_ctx_length
+	       || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
+		{
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+		goto f_err;
+		}
+	    s->hit=1;
+	    }
 	else	/* a miss or crap from the other end */
 		{
 		/* If we were trying for session-id reuse, make a new