File libtcnative-1-0-bsc1199170.patch of Package libtcnative-1-0.25248
From 5ac1175a0cf24aae2a285b3f3fb877ff83aef0c0 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Tue, 3 May 2022 17:13:20 +0100
Subject: [PATCH] Fix BZ 66035 - avoid crash reading session ID after handshake
failure
https://bz.apache.org/bugzilla/show_bug.cgi?id=66035
---
native/src/ssl.c | 4 ++++
xdocs/miscellaneous/changelog.xml | 4 ++++
2 files changed, 8 insertions(+)
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -2011,6 +2011,10 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL, getS
}
UNREFERENCED(o);
session = SSL_get_session(ssl_);
+ if (NULL == session) {
+ return NULL;
+ }
+
session_id = SSL_SESSION_get_id(session, &len);
if (len == 0 || session_id == NULL) {
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -37,6 +37,10 @@
<section name="Changes in 1.2.23">
<changelog>
<fix>
+ <bug>66035</bug>: Fix crash when attempting to read TLS session ID after a
+ handshake failure. (schultz/markt)
+ </fix>
+ <fix>
Make file fixes to enable building with APR 1.7.x. (markt)
</fix>
<fix>