From adf43dd4ddaab0332e74abc86bbcef9cf27ee54a Mon Sep 17 00:00:00 2001
From: TJ Saunders <tj@castaglia.org>
Date: Sat, 25 Jul 2020 11:10:07 -0700
Subject: [PATCH] Issue #1063: Avoid segfaults for TLSv1.3 data transfers in
 our session tickey callback by checking the status before using SSL_SESSION
 pointer.

---
 contrib/mod_tls.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/contrib/mod_tls.c b/contrib/mod_tls.c
index c4e3a2f186..3cab789c9c 100644
--- a/contrib/mod_tls.c
+++ b/contrib/mod_tls.c
@@ -6833,14 +6833,23 @@ static SSL_TICKET_RETURN tls_decrypt_session_ticket_data_upload_cb(SSL *ssl,
     SSL_SESSION *ssl_session, const unsigned char *key_name, size_t key_namelen,
     SSL_TICKET_STATUS status, void *user_data) {
   SSL_TICKET_RETURN res;
-  int ssl_version, renew_tickets = TRUE;
+  int renew_tickets = TRUE;
 
-  ssl_version = SSL_SESSION_get_protocol_version(ssl_session);
+  /* Avoid using the given SSL_SESSION pointer unless the status indicates that
+   * that pointer is valid (Issue #1063).
+   */
+
+  if (status != SSL_TICKET_EMPTY &&
+      status != SSL_TICKET_NO_DECRYPT) {
+    int ssl_version;
+
+    ssl_version = SSL_SESSION_get_protocol_version(ssl_session);
 # if defined(TLS1_3_VERSION)
-  if (ssl_version == TLS1_3_VERSION) {
-    pr_trace_msg(trace_channel, 29,
-      "suppressing renewal of TLSv1.3 tickets for data transfers");
-    renew_tickets = FALSE;
+    if (ssl_version == TLS1_3_VERSION) {
+      pr_trace_msg(trace_channel, 29,
+        "suppressing renewal of TLSv1.3 tickets for data transfers");
+      renew_tickets = FALSE;
+    }
   }
 # endif /* TLS1_3_VERSION */