diff options
Diffstat (limited to 'security/nss/lib/ssl/sslnonce.c')
| -rw-r--r-- | security/nss/lib/ssl/sslnonce.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/security/nss/lib/ssl/sslnonce.c b/security/nss/lib/ssl/sslnonce.c index b7b5b7fe51..3c30d3aa09 100644 --- a/security/nss/lib/ssl/sslnonce.c +++ b/security/nss/lib/ssl/sslnonce.c @@ -537,6 +537,9 @@ ssl_DecodeResumptionToken(sslSessionID *sid, const PRUint8 *encodedToken, } if (readerBuffer.len) { PORT_Assert(readerBuffer.buf); + if (sid->peerID) { + PORT_Free((void *)sid->peerID); + } sid->peerID = PORT_Strdup((const char *)readerBuffer.buf); } @@ -1197,14 +1200,15 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid, * anything yet, so no locking is needed. */ if (sid->u.ssl3.lock) { - PORT_Assert(sid->cached == in_client_cache); PR_RWLock_Wlock(sid->u.ssl3.lock); + /* Another thread may have evicted, or it may be in external cache. */ + PORT_Assert(sid->cached != never_cached); } /* If this was in the client cache, then we might have to free the old * ticket. In TLS 1.3, we might get a replacement ticket if the server * sends more than one ticket. */ if (sid->u.ssl3.locked.sessionTicket.ticket.data) { - PORT_Assert(sid->cached == in_client_cache || + PORT_Assert(sid->cached != never_cached || sid->version >= SSL_LIBRARY_VERSION_TLS_1_3); SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket, PR_FALSE); |