[openssl-dev] [openssl.org #3882] [BUGFIX] lh_SSL_SESSION_delete() not checked
Richard Levitte via RT
rt at openssl.org
Sun May 31 16:43:24 UTC 2015
You solution does the following:
if (lh_SSL_SESSION_retrieve(p->cache, s) == s) {
(void)lh_SSL_SESSION_delete(p->cache, s);
...
Would you agree that the following does the same?
if (lh_SSL_SESSION_delete(p->cache, s) == s) {
...
On Sat May 30 09:48:06 2015, tshort at akamai.com wrote:
> Hello OpenSSL Org:
>
> This is a change that Akamai has made to its
> implementation of OpenSSL.
>
> Version: master branch
> Description:
> lh_SSL_SESSION_delete() not checked
>
> Fix an OpenSSL issue where the
> return code of lh_SSL_SESSION_delete()
> is not checked, causing a
> stale reference in the lhash.
>
> Github link:
>
https://github.com/akamai/openssl/commit/3a114c2f0e3bf241732fef7a2d339a230ca68abc
> And attachment.
>
> Thank you.
> --
> -Todd Short
> // tshort at akamai.com
> // “One if by land, two if by sea, three if by the Internet.”
--
Richard Levitte
levitte at openssl.org
More information about the openssl-dev
mailing list