CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2020/09/01 13:17:36
Modified files:
lib/libssl : ssl_sess.c
Log message:
Zero out data to avoid leaving stack garbage in the tail of
the session id in case the copied session id is shorter than
SSL_MAX_SESSION_ID_LENGTH.
long standing bug pointed out by jsing
