From 35224ef906462d85cadce19094eee2ac2a4ba84c Mon Sep 17 00:00:00 2001
From: Robert Schulze <robert@clickhouse.com>
Date: Tue, 18 Jun 2024 20:31:14 +0000
Subject: [PATCH] Incorporate review feedback

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24673)

(cherry picked from commit 8d934a75929d058bbc4566a6ebc9f804e1dd081f)
---
 ssl/ssl_local.h | 11 ++++++-----
 ssl/ssl_sess.c  |  7 ++-----
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index f448cfdbc94..a5f1e169002 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -542,11 +542,6 @@ struct ssl_session_st {
                                  * load the 'cipher' structure */
     unsigned int kex_group;      /* TLS group from key exchange */
     CRYPTO_EX_DATA ex_data;     /* application specific data */
-    /*
-     * These are used to make removal of session-ids more efficient and to
-     * implement a maximum cache size.
-     */
-    struct ssl_session_st *prev, *next;
 
     struct {
         char *hostname;
@@ -576,6 +571,12 @@ struct ssl_session_st {
     size_t ticket_appdata_len;
     uint32_t flags;
     SSL_CTX *owner;
+
+    /*
+     * These are used to make removal of session-ids more efficient and to
+     * implement a maximum cache size.
+     */
+    struct ssl_session_st *prev, *next;
 };
 
 /* Extended master secret support */
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 3b571991e46..646cf1c52a6 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -141,13 +141,10 @@ static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket)
         return NULL;
 
     /*
-     * Copy until prev ptr, because it's a part of sessons cache which can be modified
-     * concurrently. Other fields filled in the code bellow.
+     * src is logically read-only but the prev/next pointers are not, they are
+     * part of the session cache and can be modified concurrently.
      */
     memcpy(dest, src, offsetof(SSL_SESSION, prev));
-    dest->ext = src->ext;
-    dest->ticket_appdata_len = src->ticket_appdata_len;
-    dest->flags = src->flags;
 
     /*
      * Set the various pointers to NULL so that we can call SSL_SESSION_free in
-- 
2.47.2