Fixed issue with session id's in the future

cameronrich · cameronrich · commit c0074b3044c9 · 2012-02-25T08:07:12.000Z
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@224 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
diff --git a/ssl/tls1.c b/ssl/tls1.c
@@ -1667,8 +1667,10 @@ SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[],
         {
             if (ssl_sessions[i])
             {
-                /* kill off any expired sessions */
-                if (tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME)
+                /* kill off any expired sessions (including those in 
+                   the future) */
+                if ((tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME) ||
+                            (tm < ssl_sessions[i]->conn_time))
                 {
                     session_free(ssl_sessions, i);
                     continue;
@@ -1712,13 +1714,9 @@ SSL_SESSION *ssl_session_update(int max_sessions, SSL_SESSION *ssl_sessions[],
     }
 
     /* ok, we've used up all of our sessions. So blow the oldest session away */
-    if (oldest_sess != NULL)
-    {
-        oldest_sess->conn_time = tm;
-        memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
-        memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
-    }
-
+    oldest_sess->conn_time = tm;
+    memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));
+    memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));
     SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);
     return oldest_sess;
 }

Original file line number	Diff line number	Diff line change
`@@ -1667,8 +1667,10 @@ SSL_SESSION ssl_session_update(int max_sessions, SSL_SESSION ssl_sessions[],`
`1667`	`1667`	`{`
`1668`	`1668`	`if (ssl_sessions[i])`
`1669`	`1669`	`{`
`1670`		`- /* kill off any expired sessions */`
`1671`		`- if (tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME)`
	`1670`	`+ /* kill off any expired sessions (including those in`
	`1671`	`+ the future) */`
	`1672`	`+ if ((tm > ssl_sessions[i]->conn_time + SSL_EXPIRY_TIME) \|\|`
	`1673`	`+ (tm < ssl_sessions[i]->conn_time))`
`1672`	`1674`	`{`
`1673`	`1675`	`session_free(ssl_sessions, i);`
`1674`	`1676`	`continue;`
`@@ -1712,13 +1714,9 @@ SSL_SESSION ssl_session_update(int max_sessions, SSL_SESSION ssl_sessions[],`
`1712`	`1714`	`}`
`1713`	`1715`
`1714`	`1716`	`/* ok, we've used up all of our sessions. So blow the oldest session away */`
`1715`		`- if (oldest_sess != NULL)`
`1716`		`- {`
`1717`		`- oldest_sess->conn_time = tm;`
`1718`		`- memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));`
`1719`		`- memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));`
`1720`		`- }`
`1721`		`-`
	`1717`	`+ oldest_sess->conn_time = tm;`
	`1718`	`+ memset(oldest_sess->session_id, 0, sizeof(SSL_SESSION_ID_SIZE));`
	`1719`	`+ memset(oldest_sess->master_secret, 0, sizeof(SSL_SECRET_SIZE));`
`1722`	`1720`	`SSL_CTX_UNLOCK(ssl->ssl_ctx->mutex);`
`1723`	`1721`	`return oldest_sess;`
`1724`	`1722`	`}`