This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
commit 5ac1175a0cf24aae2a285b3f3fb877ff83aef0c0
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue May 3 17:13:20 2022 +0100
Fix BZ 66035 - avoid crash reading session ID after handshake failure
https://bz.apache.org/bugzilla/show_bug.cgi?id=66035
---
native/src/ssl.c | 4 ++++
xdocs/miscellaneous/changelog.xml | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/native/src/ssl.c b/native/src/ssl.c
index d59246ea3..6d248550f 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -2001,6 +2001,10 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL,
getSessionId)(TCN_STDARGS, jlong ssl)
}
UNREFERENCED(o);
session = SSL_get_session(ssl_);
+ if (NULL == session) {
+ return NULL;
+ }
+
session_id = SSL_SESSION_get_id(session, &len);
if (len == 0 || session_id == NULL) {
diff --git a/xdocs/miscellaneous/changelog.xml
b/xdocs/miscellaneous/changelog.xml
index 8bd9bf42d..871b6dd59 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -36,6 +36,10 @@
</section>
<section name="Changes in 1.2.33">
<changelog>
+ <fix>
+ <bug>66035</bug>: Fix crash when attempting to read TLS session ID after
a
+ handshake failure. (schultz/markt)
+ </fix>
</changelog>
</section>
<section name="Changes in 1.2.32">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
