Fix security hole.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 1091ee1..3b6c364 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -63,7 +63,7 @@
#include "lhash.h"
#include "ssl_locl.h"
-char *SSL_version_str="OpenSSL 0.9.2 31-Dec-1998";
+char *SSL_version_str=OPENSSL_VERSION_TEXT;
static STACK *ssl_meth=NULL;
static STACK *ssl_ctx_meth=NULL;
@@ -216,6 +216,20 @@
return(NULL);
}
+int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len)
+ {
+ if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+ {
+ SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ return 0;
+ }
+ ssl->sid_ctx_length=sid_ctx_len;
+ memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
+
+ return 1;
+ }
+
void SSL_free(SSL *s)
{
int i;
@@ -485,6 +499,7 @@
else
t->cert=NULL;
if (tmp != NULL) ssl_cert_free(tmp);
+ SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
}
/* Fix this so it checks all the valid key/cert options */
@@ -1417,7 +1432,8 @@
SSL *ret;
int i;
- if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) return(NULL);
+ if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
+ return(NULL);
/* This copies version, session-id, SSL_METHOD and 'cert' */
SSL_copy_session_id(ret,s);
