From 3a114c2f0e3bf241732fef7a2d339a230ca68abc Mon Sep 17 00:00:00 2001
From: Todd Short <tshort@akamai.com>
Date: Wed, 1 Apr 2015 11:21:35 -0400
Subject: [PATCH 1/4] lh_SSL_SESSION_delete() not checked

Fix an OpenSSL issue where the return code of lh_SSL_SESSION_delete()
is not checked, causing a stale reference in the lhash.

(cherry picked from commit 08215dd6964fc23db4c2a1584f6858f3b7e34bf9)
---
 ssl/ssl_sess.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index b6fd234..092b5e6 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -947,12 +947,14 @@ static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
          * The reason we don't call SSL_CTX_remove_session() is to save on
          * locking overhead
          */
-        (void)lh_SSL_SESSION_delete(p->cache, s);
-        SSL_SESSION_list_remove(p->ctx, s);
-        s->not_resumable = 1;
-        if (p->ctx->remove_session_cb != NULL)
-            p->ctx->remove_session_cb(p->ctx, s);
-        SSL_SESSION_free(s);
+        if (lh_SSL_SESSION_retrieve(p->cache, s) == s) {
+            (void)lh_SSL_SESSION_delete(p->cache, s);
+            SSL_SESSION_list_remove(p->ctx, s);
+            s->not_resumable = 1;
+            if (p->ctx->remove_session_cb != NULL)
+                p->ctx->remove_session_cb(p->ctx, s);
+            SSL_SESSION_free(s);
+        }
     }
 }
 
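Review bot: The new guard in timeout_doall_arg has no else path and no comment, so when `lh_SSL_SESSION_retrieve(p->cache, s)` returns anything other than `s`, none of the teardown runs for the expired session: `not_resumable` is not set, `remove_session_cb` is not called and the reference is not dropped. The hunk also keeps `(void)lh_SSL_SESSION_delete(p->cache, s);`, so despite the subject line the delete's return value is still discarded and the fix rests entirely on the retrieve just before it. That retrieve-then-delete pair is presumably only safe if the caller holds the cache write lock for the whole iteration; the existing comment about saving locking overhead suggests this, but the function starts above the hunk and the locking is not visible here. I would add a comment above the `if`, for example `/* Tear down s only if the cache entry for its session ID is s itself; otherwise leave it so hash and list stay consistent. */`, and say what is expected to reclaim a session that is skipped.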
-- 
2.3.2 (Apple Git-55)

