this change will prevent undefined behavior when src and dst are equal (memcpy), effectively allowing setting length only in both functions.

CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2750)
2017-02-26 15:47:40 -08:00 · 2017-02-26 15:47:40 -08:00 · 6aad939368
commit 6aad939368
parent 4f7b76bf0f
1 changed files with 4 additions and 2 deletions
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@ -835,7 +835,8 @@ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
      return 0;
    }
    s->session_id_length = sid_len;
-    memcpy(s->session_id, sid, sid_len);
+    if (sid != s->session_id)
+        memcpy(s->session_id, sid, sid_len);
    return 1;
 }

@ -921,7 +922,8 @@ int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
        return 0;
    }
    s->sid_ctx_length = sid_ctx_len;
-    memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
+    if (sid_ctx != s->sid_ctx)
+        memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);

    return 1;
 }