Fix undefined behaviour in the event of a zero length session id

Don't attempt to memcpy a NULL pointer if the length is 0.
mattcaswell · May 1, 2024 · 1f42c09 · 1f42c09
1 parent d857a4a
commit 1f42c09
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
@@ -907,8 +907,9 @@ int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
       return 0;
     }
     s->session_id_length = sid_len;
-    if (sid != s->session_id)
+    if (sid != s->session_id && sid_len > 0)
         memcpy(s->session_id, sid, sid_len);
+
     return 1;
 }