BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id()

After we call SSL_SESSION_get_id(), the length of the id in bytes is
stored in "len", which was never checked. This could cause unexpected
behavior when using the "ssl_fc_session_id" or "ssl_bc_session_id"
fetchers (eg. the result can be an empty value).

The issue was introduced with commit 105599c ("BUG/MEDIUM: ssl: fix
several bad pointer aliases in a few sample fetch functions").

This patch must be backported to 2.1, 2.0, and 1.9.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6462c3e59293d10105fb5bcbcd2def4525faa7b7..c4f9a86ad52ab92e7603152b20ed6173e4dc88c2 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -8706,7 +8706,7 @@ smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const ch
                return 0;
 
        smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess, &len);
-       if (!smp->data.u.str.area || !smp->data.u.str.data)
+       if (!smp->data.u.str.area || !len)
                return 0;
 
        smp->data.u.str.data = len;